summaryrefslogtreecommitdiffstats
path: root/man
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-10 19:59:03 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-10 19:59:03 +0000
commita848231ae0f346dc7cc000973fbeb65b0894ee92 (patch)
tree44b60b367c86723cc78383ef247885d72b388afe /man
parentInitial commit. (diff)
downloadpostfix-a848231ae0f346dc7cc000973fbeb65b0894ee92.tar.xz
postfix-a848231ae0f346dc7cc000973fbeb65b0894ee92.zip
Adding upstream version 3.8.5.upstream/3.8.5
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'man')
-rw-r--r--man/Makefile.in408
-rw-r--r--man/cat1/.keep0
-rw-r--r--man/cat5/.keep0
-rw-r--r--man/cat8/.keep0
-rw-r--r--man/man1/mailq.11
-rw-r--r--man/man1/makedefs.1191
-rw-r--r--man/man1/newaliases.11
-rw-r--r--man/man1/postalias.1262
-rw-r--r--man/man1/postcat.1121
-rw-r--r--man/man1/postconf.1610
-rw-r--r--man/man1/postdrop.1139
-rw-r--r--man/man1/postfix-tls.1244
-rw-r--r--man/man1/postfix.1434
-rw-r--r--man/man1/postkick.1102
-rw-r--r--man/man1/postlock.1126
-rw-r--r--man/man1/postlog.1125
-rw-r--r--man/man1/postmap.1343
-rw-r--r--man/man1/postmulti.1434
-rw-r--r--man/man1/postqueue.1269
-rw-r--r--man/man1/postsuper.1343
-rw-r--r--man/man1/posttls-finger.1345
-rw-r--r--man/man1/qmqp-sink.169
-rw-r--r--man/man1/qmqp-source.190
-rw-r--r--man/man1/qshape.1118
-rw-r--r--man/man1/sendmail.1512
-rw-r--r--man/man1/smtp-sink.1276
-rw-r--r--man/man1/smtp-source.1127
-rw-r--r--man/man5/access.5480
-rw-r--r--man/man5/aliases.5233
-rw-r--r--man/man5/body_checks.51
-rw-r--r--man/man5/bounce.5235
-rw-r--r--man/man5/canonical.5304
-rw-r--r--man/man5/cidr_table.5199
-rw-r--r--man/man5/generic.5274
-rw-r--r--man/man5/header_checks.5528
-rw-r--r--man/man5/ldap_table.5751
-rw-r--r--man/man5/lmdb_table.5142
-rw-r--r--man/man5/master.5270
-rw-r--r--man/man5/memcache_table.5259
-rw-r--r--man/man5/mysql_table.5431
-rw-r--r--man/man5/nisplus_table.5106
-rw-r--r--man/man5/pcre_table.5275
-rw-r--r--man/man5/pgsql_table.5353
-rw-r--r--man/man5/postconf.515683
-rw-r--r--man/man5/postfix-wrapper.5317
-rw-r--r--man/man5/regexp_table.5236
-rw-r--r--man/man5/relocated.5195
-rw-r--r--man/man5/socketmap_table.5120
-rw-r--r--man/man5/sqlite_table.5284
-rw-r--r--man/man5/tcp_table.5133
-rw-r--r--man/man5/transport.5335
-rw-r--r--man/man5/virtual.5337
-rw-r--r--man/man8/anvil.8302
-rw-r--r--man/man8/bounce.8182
-rw-r--r--man/man8/cleanup.8515
-rw-r--r--man/man8/defer.81
-rw-r--r--man/man8/discard.8134
-rw-r--r--man/man8/dnsblog.8108
-rw-r--r--man/man8/error.8136
-rw-r--r--man/man8/flush.8183
-rw-r--r--man/man8/lmtp.81
-rw-r--r--man/man8/local.8668
-rw-r--r--man/man8/master.8225
-rw-r--r--man/man8/oqmgr.8425
-rw-r--r--man/man8/pickup.8141
-rw-r--r--man/man8/pipe.8484
-rw-r--r--man/man8/postlogd.8102
-rw-r--r--man/man8/postscreen.8478
-rw-r--r--man/man8/proxymap.8243
-rw-r--r--man/man8/qmgr.8495
-rw-r--r--man/man8/qmqpd.8214
-rw-r--r--man/man8/scache.8178
-rw-r--r--man/man8/showq.8125
-rw-r--r--man/man8/smtp.8999
-rw-r--r--man/man8/smtpd.81294
-rw-r--r--man/man8/spawn.8156
-rw-r--r--man/man8/tlsmgr.8208
-rw-r--r--man/man8/tlsproxy.8413
-rw-r--r--man/man8/trace.81
-rw-r--r--man/man8/trivial-rewrite.8325
-rw-r--r--man/man8/verify.8257
-rw-r--r--man/man8/virtual.8358
82 files changed, 37522 insertions, 0 deletions
diff --git a/man/Makefile.in b/man/Makefile.in
new file mode 100644
index 0000000..f98402c
--- /dev/null
+++ b/man/Makefile.in
@@ -0,0 +1,408 @@
+SHELL = /bin/sh
+
+# For now, just hard-coded rules for daemons, commands, config files.
+
+DAEMONS = man8/bounce.8 man8/defer.8 man8/cleanup.8 man8/error.8 man8/local.8 \
+ man8/lmtp.8 man8/master.8 man8/pickup.8 man8/pipe.8 man8/qmgr.8 \
+ man8/showq.8 man8/smtp.8 man8/smtpd.8 man8/trivial-rewrite.8 \
+ man8/oqmgr.8 man8/spawn.8 man8/flush.8 man8/virtual.8 man8/qmqpd.8 \
+ man8/verify.8 man8/trace.8 man8/proxymap.8 man8/anvil.8 \
+ man8/scache.8 man8/discard.8 man8/tlsmgr.8 man8/postscreen.8 \
+ man8/dnsblog.8 man8/tlsproxy.8 man8/postlogd.8
+COMMANDS= man1/postalias.1 man1/postcat.1 man1/postconf.1 man1/postfix.1 \
+ man1/postkick.1 man1/postlock.1 man1/postlog.1 man1/postdrop.1 \
+ man1/postmap.1 man1/postmulti.1 man1/postqueue.1 man1/postsuper.1 \
+ man1/sendmail.1 man1/mailq.1 man1/newaliases.1 man1/postfix-tls.1
+CONFIG = man5/access.5 man5/aliases.5 man5/canonical.5 man5/relocated.5 \
+ man5/transport.5 man5/virtual.5 man5/pcre_table.5 man5/regexp_table.5 \
+ man5/cidr_table.5 man5/tcp_table.5 man5/header_checks.5 \
+ man5/body_checks.5 man5/ldap_table.5 man5/lmdb_table.5 \
+ man5/memcache_table.5 man5/mysql_table.5 \
+ man5/pgsql_table.5 man5/master.5 man5/nisplus_table.5 \
+ man5/generic.5 man5/bounce.5 man5/postfix-wrapper.5 \
+ man5/sqlite_table.5 man5/socketmap_table.5
+TOOLS = man1/smtp-sink.1 man1/smtp-source.1 man1/qmqp-sink.1 \
+ man1/qmqp-source.1 man1/qshape.1 man1/posttls-finger.1 \
+ man1/makedefs.1
+
+update: $(DAEMONS) $(COMMANDS) $(CONFIG) $(TOOLS)
+
+clean:
+ rm -f cat?/*
+
+tidy: clean
+
+clobber:
+ rm -f $(DAEMONS) $(COMMANDS) $(CONFIG)
+
+man8/bounce.8: ../src/bounce/bounce.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man8/defer.8:
+ echo .so man8/bounce.8 >$@
+
+man8/cleanup.8: ../src/cleanup/cleanup.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man8/anvil.8: ../src/anvil/anvil.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man8/scache.8: ../src/scache/scache.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man8/discard.8: ../src/discard/discard.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man8/dnsblog.8: ../src/dnsblog/dnsblog.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man8/error.8: ../src/error/error.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man8/flush.8: ../src/flush/flush.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man8/local.8: ../src/local/local.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man8/lmtp.8:
+ echo .so man8/smtp.8 >$@
+
+man8/master.8: ../src/master/master.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man8/oqmgr.8: ../src/oqmgr/qmgr.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? | \
+ sed -e 's/qmgr[^_]/o&/' \
+ -e 's/qmgr$$/o&/' \
+ -e 's/QMGR[^_]/O&/' >$@
+
+man8/pickup.8: ../src/pickup/pickup.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man8/pipe.8: ../src/pipe/pipe.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man8/postlogd.8: ../src/postlogd/postlogd.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man8/postscreen.8: ../src/postscreen/postscreen.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man8/proxymap.8: ../src/proxymap/proxymap.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man8/qmgr.8: ../src/qmgr/qmgr.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man8/qmqpd.8: ../src/qmqpd/qmqpd.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man8/showq.8: ../src/showq/showq.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man8/spawn.8: ../src/spawn/spawn.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man8/smtp.8: ../src/smtp/smtp.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man8/smtpd.8: ../src/smtpd/smtpd.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man8/tlsproxy.8: ../src/tlsproxy/tlsproxy.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man8/virtual.8: ../src/virtual/virtual.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man8/verify.8: ../src/verify/verify.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man8/trace.8:
+ echo .so man8/bounce.8 >$@
+
+man8/tlsmgr.8: ../src/tlsmgr/tlsmgr.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man8/trivial-rewrite.8: ../src/trivial-rewrite/trivial-rewrite.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man1/postalias.1: ../src/postalias/postalias.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man1/postcat.1: ../src/postcat/postcat.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man1/postconf.1: ../src/postconf/postconf.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man1/postdrop.1: ../src/postdrop/postdrop.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man1/postfix.1: ../src/postfix/postfix.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man1/postfix-tls.1: ../conf/postfix-tls-script
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman - $? >$@
+
+man1/postkick.1: ../src/postkick/postkick.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man1/postlock.1: ../src/postlock/postlock.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man1/postlog.1: ../src/postlog/postlog.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man1/postmap.1: ../src/postmap/postmap.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man1/postmulti.1: ../src/postmulti/postmulti.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man1/postqueue.1: ../src/postqueue/postqueue.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man1/postsuper.1: ../src/postsuper/postsuper.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man1/sendmail.1: ../src/sendmail/sendmail.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man1/mailq.1:
+ echo .so man1/sendmail.1 >$@
+
+man1/newaliases.1:
+ echo .so man1/sendmail.1 >$@
+
+man5/access.5: ../proto/access
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman - $? >$@
+
+man5/aliases.5: ../proto/aliases
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman - $? >$@
+
+man5/bounce.5: ../proto/bounce
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman - $? >$@
+
+man5/canonical.5: ../proto/canonical
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman - $? >$@
+
+man5/cidr_table.5: ../proto/cidr_table
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman - $? >$@
+
+man5/generic.5: ../proto/generic
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman - $? >$@
+
+man5/header_checks.5: ../proto/header_checks
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman - $? >$@
+
+man5/body_checks.5: ../proto/header_checks
+ echo .so man5/header_checks.5 >$@
+
+man5/ldap_table.5: ../proto/ldap_table
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman - $? >$@
+
+man5/lmdb_table.5: ../proto/lmdb_table
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman - $? >$@
+
+man5/master.5: ../proto/master
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman - $? >$@
+
+man5/memcache_table.5: ../proto/memcache_table
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman - $? >$@
+
+man5/mysql_table.5: ../proto/mysql_table
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman - $? >$@
+
+man5/socketmap_table.5: ../proto/socketmap_table
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman - $? >$@
+
+man5/sqlite_table.5: ../proto/sqlite_table
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman - $? >$@
+
+man5/nisplus_table.5: ../proto/nisplus_table
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman - $? >$@
+
+man5/pcre_table.5: ../proto/pcre_table
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman - $? >$@
+
+man5/pgsql_table.5: ../proto/pgsql_table
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman - $? >$@
+
+man5/regexp_table.5: ../proto/regexp_table
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman - $? >$@
+
+man5/relocated.5: ../proto/relocated
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman - $? >$@
+
+man5/transport.5: ../proto/transport
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman - $? >$@
+
+man5/virtual.5: ../proto/virtual
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman - $? >$@
+
+man5/postfix-wrapper.5: ../proto/postfix-wrapper
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman - $? >$@
+
+man1/smtp-sink.1: ../src/smtpstone/smtp-sink.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man1/smtp-source.1: ../src/smtpstone/smtp-source.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man1/posttls-finger.1: ../src/posttls-finger/posttls-finger.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man1/makedefs.1: ../makedefs
+ ../mantools/srctoman - $? >$@
+
+man5/tcp_table.5: ../proto/tcp_table
+ ../mantools/srctoman - $? >$@
+
+man1/qmqp-sink.1: ../src/smtpstone/qmqp-sink.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man1/qmqp-source.1: ../src/smtpstone/qmqp-source.c
+ ../mantools/fixman ../proto/postconf.proto $? >junk && \
+ (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman $? >$@
+
+man1/qshape.1: ../auxiliary/qshape/qshape.pl
+ #../mantools/fixman ../proto/postconf.proto $? >junk && \
+ # (cmp -s junk $? || mv junk $?) && rm -f junk
+ ../mantools/srctoman - $? >$@
diff --git a/man/cat1/.keep b/man/cat1/.keep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/man/cat1/.keep
diff --git a/man/cat5/.keep b/man/cat5/.keep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/man/cat5/.keep
diff --git a/man/cat8/.keep b/man/cat8/.keep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/man/cat8/.keep
diff --git a/man/man1/mailq.1 b/man/man1/mailq.1
new file mode 100644
index 0000000..b12bf18
--- /dev/null
+++ b/man/man1/mailq.1
@@ -0,0 +1 @@
+.so man1/sendmail.1
diff --git a/man/man1/makedefs.1 b/man/man1/makedefs.1
new file mode 100644
index 0000000..70c848e
--- /dev/null
+++ b/man/man1/makedefs.1
@@ -0,0 +1,191 @@
+.TH MAKEDEFS 1
+.ad
+.fi
+.SH NAME
+makedefs
+\-
+Postfix makefile configuration utility
+.SH "SYNOPSIS"
+.na
+.nf
+\fBmake makefiles \fIname=value...\fR
+.SH DESCRIPTION
+.ad
+.fi
+The \fBmakedefs\fR command identifies the compilation
+environment, and emits macro definitions on the standard
+output stream that can be prepended to template Makefiles.
+These macros implement an internal interface and are subject
+to change without notice.
+.SH "NAME=VALUE OVERRIDES"
+.na
+.nf
+.ad
+.fi
+Default settings can be overruled by specifying them as
+environment variables (or as name=value pairs on the "make"
+command line). Use quotes if variables contain whitespace
+or shell meta characters.
+
+The command "\fBmake makefiles name=value...\fR" will replace
+the string \fBMAIL_VERSION\fR at the end of a value with the
+Postfix version (\fImajor.minor.patchlevel\fR for a stable
+release, \fImajor.minor\-date\fR for a development release).
+Do not try to specify something like \fB$mail_version\fR:
+that produces inconsistent results with different implementations
+of the make(1) command.
+.IP \fBAUXLIBS=\fIobject_library...\fR
+Specifies one or more non\-default object libraries. Postfix
+3.0 and later specify some of their database library
+dependencies with AUXLIBS_CDB, AUXLIBS_LDAP, AUXLIBS_LMDB,
+AUXLIBS_MYSQL, AUXLIBS_PCRE, AUXLIBS_PGSQL, AUXLIBS_SDBM,
+and AUXLIBS_SQLITE, respectively.
+.IP \fBCC=\fIcompiler_command\fR
+Specifies a non\-default compiler. On many systems, the default
+is \fBgcc\fR.
+.IP \fBCCARGS=\fIcompiler_arguments\fR
+Specifies non\-default compiler arguments, for example, a non\-default
+\fIinclude\fR directory.
+The following directives are special:
+.RS
+.IP \fB\-DNO_DB\fR
+Do not build with Berkeley DB support.
+.IP \fB\-DNO_DEVPOLL\fR
+Do not build with Solaris /dev/poll support.
+By default, /dev/poll support is compiled in on platforms that
+are known to support it.
+.IP \fB\-DNO_DNSSEC\fR
+Do not build with DNSSEC support, even if the resolver
+library appears to support it.
+.IP \fB\-DNO_EPOLL\fR
+Do not build with Linux EPOLL support.
+By default, EPOLL support is compiled in on platforms that
+are known to support it.
+.IP \fB\-DNO_EAI\fR
+Do not build with EAI (SMTPUTF8) support. By default, EAI
+support is compiled in when the "pkg\-config" command is
+found, or the deprecated "icu\-config" command.
+.IP \fB\-DNO_INLINE\fR
+Do not require support for C99 "inline" functions. Instead,
+implement argument typechecks for non\-(printf/scanf)\-like
+functions with ternary operators and unreachable code.
+.IP \fB\-DNO_IPV6\fR
+Do not build with IPv6 support.
+By default, IPv6 support is compiled in on platforms that
+are known to have IPv6 support.
+
+Note: this directive is for debugging and testing only. It
+is not guaranteed to work on all platforms. If you don't
+want IPv6 support, set "inet_protocols = ipv4" in main.cf.
+.IP \fB\-DNO_IP_CYRUS_SASL_AUTH\fR
+Don't pass remote SMTP client and Postfix SMTP server IP
+address and port information to the Cyrus SASL library.
+This is compatible with Postfix < 3.2.
+.IP \fB\-DNO_KQUEUE\fR
+Do not build with FreeBSD/NetBSD/OpenBSD/MacOSX KQUEUE support.
+By default, KQUEUE support is compiled in on platforms that
+are known to support it.
+.IP \fB\-DNO_NIS\fR
+Do not build with NIS or NISPLUS support. Support for NIS
+is unavailable on some recent Linux distributions.
+.IP \fB\-DNO_NISPLUS\fR
+Do not build with NISPLUS support. Support for NISPLUS
+is unavailable on some recent Solaris distributions.
+.IP \fB\-DNO_PCRE\fR
+Do not build with PCRE support.
+By default, PCRE support is compiled in when the \fBpcre2\-config\fR
+or \fBpcre\-config\fR utility are installed.
+.IP \fB\-DNO_POSIX_GETPW_R\fR
+Disable support for POSIX getpwnam_r/getpwuid_r.
+.IP \fB\-DNO_RES_NCALLS\fR
+Do not build with the threadsafe resolver(5) API (res_ninit() etc.).
+.IP \fB\-DNO_SIGSETJMP\fR
+Use setjmp()/longjmp() instead of sigsetjmp()/siglongjmp().
+By default, Postfix uses sigsetjmp()/siglongjmp() when they
+appear to work.
+.IP \fB\-DNO_SNPRINTF\fR
+Use sprintf() instead of snprintf(). By default, Postfix
+uses snprintf() except on ancient systems.
+.RE
+.IP \fBDEBUG=\fIdebug_level\fR
+Specifies a non\-default debugging level. The default is \fB\-g\fR.
+Specify \fBDEBUG=\fR to turn off debugging.
+.IP \fBOPT=\fIoptimization_level\fR
+Specifies a non\-default optimization level. The default is \fB\-O\fR.
+Specify \fBOPT=\fR to turn off optimization.
+.IP \fBPOSTFIX_INSTALL_OPTS=\fI\-option...\fR
+Specifies options for the postfix\-install command, separated
+by whitespace. Currently, the only supported option is
+\fB\-keep\-build\-mtime\fR.
+.IP \fBSHLIB_CFLAGS=\fIflags\fR
+Override the compiler flags (typically, "\-fPIC") for Postfix
+dynamically\-linked libraries and database plugins.
+
+This feature was introduced with Postfix 3.0.
+.IP \fBSHLIB_RPATH=\fIrpath\fR
+Override the runpath (typically, "'\-Wl,\-rpath,${SHLIB_DIR}'")
+for Postfix dynamically\-linked libraries.
+
+This feature was introduced with Postfix 3.0.
+.IP \fBSHLIB_SUFFIX=\fIsuffix\fR
+Override the filename suffix (typically, ".so") for Postfix
+dynamically\-linked libraries and database plugins.
+
+This feature was introduced with Postfix 3.0.
+.IP \fBshared=yes\fR
+.IP \fBshared=no\fR
+Enable (disable) Postfix builds with dynamically\-linked
+libraries typically named $shlib_directory/libpostfix\-*.so.*.
+
+This feature was introduced with Postfix 3.0.
+.IP \fBdynamicmaps=yes\fR
+.IP \fBdynamicmaps=no\fR
+Enable (disable) Postfix builds with the configuration file
+$meta_directory/dynamicmaps.cf and dynamically\-loadable
+database plugins typically named postfix\-*.so.*. The setting
+"dynamicmaps=yes" implicitly enables Postfix dynamically\-linked
+libraries.
+
+This feature was introduced with Postfix 3.0.
+.IP \fBpie=yes\fR
+.IP \fBpie=no\fR
+Enable (disable) Postfix builds with position\-independent
+executables, on platforms where this is supported.
+
+This feature was introduced with Postfix 3.0.
+.IP \fIinstallation_parameter\fB=\fIvalue\fR...
+Override the compiled\-in default value of the specified
+installation parameter(s). The following parameters are
+supported in this context:
+
+command_directory config_directory daemon_directory
+data_directory default_database_type html_directory
+mail_spool_directory mailq_path manpage_directory meta_directory
+newaliases_path queue_directory readme_directory sendmail_path
+shlib_directory openssl_path
+
+See the postconf(5) manpage for a description of these
+parameters.
+
+This feature was introduced with Postfix 3.0.
+.IP \fBWARN=\fIwarning_flags\fR
+Specifies non\-default gcc compiler warning options for use when
+"make" is invoked in a source subdirectory only.
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man1/newaliases.1 b/man/man1/newaliases.1
new file mode 100644
index 0000000..b12bf18
--- /dev/null
+++ b/man/man1/newaliases.1
@@ -0,0 +1 @@
+.so man1/sendmail.1
diff --git a/man/man1/postalias.1 b/man/man1/postalias.1
new file mode 100644
index 0000000..4c7f02b
--- /dev/null
+++ b/man/man1/postalias.1
@@ -0,0 +1,262 @@
+.TH POSTALIAS 1
+.ad
+.fi
+.SH NAME
+postalias
+\-
+Postfix alias database maintenance
+.SH "SYNOPSIS"
+.na
+.nf
+.fi
+\fBpostalias\fR [\fB\-Nfinoprsuvw\fR] [\fB\-c \fIconfig_dir\fR]
+[\fB\-d \fIkey\fR] [\fB\-q \fIkey\fR]
+ [\fIfile_type\fR:]\fIfile_name\fR ...
+.SH DESCRIPTION
+.ad
+.fi
+The \fBpostalias\fR(1) command creates or queries one or more Postfix
+alias databases, or updates an existing one. The input and output
+file formats are expected to be compatible with Sendmail version 8,
+and are expected to be suitable for use as NIS alias maps.
+
+If the result files do not exist they will be created with the
+same group and other read permissions as their source file.
+
+While a database update is in progress, signal delivery is
+postponed, and an exclusive, advisory, lock is placed on the
+entire database, in order to avoid surprises in spectator
+processes.
+
+The format of Postfix alias input files is described in
+\fBaliases\fR(5).
+
+By default the lookup key is mapped to lowercase to make
+the lookups case insensitive; as of Postfix 2.3 this case
+folding happens only with tables whose lookup keys are
+fixed\-case strings such as btree:, dbm: or hash:. With
+earlier versions, the lookup key is folded even with tables
+where a lookup field can match both upper and lower case
+text, such as regexp: and pcre:. This resulted in loss of
+information with $\fInumber\fR substitutions.
+
+Options:
+.IP "\fB\-c \fIconfig_dir\fR"
+Read the \fBmain.cf\fR configuration file in the named directory
+instead of the default configuration directory.
+.IP "\fB\-d \fIkey\fR"
+Search the specified maps for \fIkey\fR and remove one entry per map.
+The exit status is zero when the requested information was found.
+
+If a key value of \fB\-\fR is specified, the program reads key
+values from the standard input stream. The exit status is zero
+when at least one of the requested keys was found.
+.IP \fB\-f\fR
+Do not fold the lookup key to lower case while creating or querying
+a table.
+
+With Postfix version 2.3 and later, this option has no
+effect for regular expression tables. There, case folding
+is controlled by appending a flag to a pattern.
+.IP \fB\-i\fR
+Incremental mode. Read entries from standard input and do not
+truncate an existing database. By default, \fBpostalias\fR(1) creates
+a new database from the entries in \fIfile_name\fR.
+.IP \fB\-N\fR
+Include the terminating null character that terminates lookup keys
+and values. By default, \fBpostalias\fR(1) does whatever
+is the default for
+the host operating system.
+.IP \fB\-n\fR
+Don't include the terminating null character that terminates lookup
+keys and values. By default, \fBpostalias\fR(1) does whatever
+is the default for
+the host operating system.
+.IP \fB\-o\fR
+Do not release root privileges when processing a non\-root
+input file. By default, \fBpostalias\fR(1) drops root privileges
+and runs as the source file owner instead.
+.IP \fB\-p\fR
+Do not inherit the file access permissions from the input file
+when creating a new file. Instead, create a new file with default
+access permissions (mode 0644).
+.IP "\fB\-q \fIkey\fR"
+Search the specified maps for \fIkey\fR and write the first value
+found to the standard output stream. The exit status is zero
+when the requested information was found.
+
+Note: this performs a single query with the key as specified,
+and does not make iterative queries with substrings of the
+key as described in the aliases(5) manual page.
+
+If a key value of \fB\-\fR is specified, the program reads key
+values from the standard input stream and writes one line of
+\fIkey: value\fR output for each key that was found. The exit
+status is zero when at least one of the requested keys was found.
+.IP \fB\-r\fR
+When updating a table, do not complain about attempts to update
+existing entries, and make those updates anyway.
+.IP \fB\-s\fR
+Retrieve all database elements, and write one line of
+\fIkey: value\fR output for each element. The elements are
+printed in database order, which is not necessarily the same
+as the original input order.
+This feature is available in Postfix version 2.2 and later,
+and is not available for all database types.
+.IP \fB\-u\fR
+Disable UTF\-8 support. UTF\-8 support is enabled by default
+when "smtputf8_enable = yes". It requires that keys and
+values are valid UTF\-8 strings.
+.IP \fB\-v\fR
+Enable verbose logging for debugging purposes. Multiple \fB\-v\fR
+options make the software increasingly verbose.
+.IP \fB\-w\fR
+When updating a table, do not complain about attempts to update
+existing entries, and ignore those attempts.
+.PP
+Arguments:
+.IP \fIfile_type\fR
+The database type. To find out what types are supported, use
+the "\fBpostconf \-m\fR" command.
+
+The \fBpostalias\fR(1) command can query any supported file type,
+but it can create only the following file types:
+.RS
+.IP \fBbtree\fR
+The output is a btree file, named \fIfile_name\fB.db\fR.
+This is available on systems with support for \fBdb\fR databases.
+.IP \fBcdb\fR
+The output is one file named \fIfile_name\fB.cdb\fR.
+This is available on systems with support for \fBcdb\fR databases.
+.IP \fBdbm\fR
+The output consists of two files, named \fIfile_name\fB.pag\fR and
+\fIfile_name\fB.dir\fR.
+This is available on systems with support for \fBdbm\fR databases.
+.IP \fBfail\fR
+A table that reliably fails all requests. The lookup table
+name is used for logging only. This table exists to simplify
+Postfix error tests.
+.IP \fBhash\fR
+The output is a hashed file, named \fIfile_name\fB.db\fR.
+This is available on systems with support for \fBdb\fR databases.
+.IP \fBlmdb\fR
+The output is a btree\-based file, named \fIfile_name\fB.lmdb\fR.
+\fBlmdb\fR supports concurrent writes and reads from different
+processes, unlike other supported file\-based tables.
+This is available on systems with support for \fBlmdb\fR databases.
+.IP \fBsdbm\fR
+The output consists of two files, named \fIfile_name\fB.pag\fR and
+\fIfile_name\fB.dir\fR.
+This is available on systems with support for \fBsdbm\fR databases.
+.PP
+When no \fIfile_type\fR is specified, the software uses the database
+type specified via the \fBdefault_database_type\fR configuration
+parameter.
+The default value for this parameter depends on the host environment.
+.RE
+.IP \fIfile_name\fR
+The name of the alias database source file when creating a database.
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems are logged to the standard error stream and to
+\fBsyslogd\fR(8) or \fBpostlogd\fR(8). No output means that
+no problems were detected. Duplicate entries are skipped and are
+flagged with a warning.
+
+\fBpostalias\fR(1) terminates with zero exit status in case of success
+(including successful "\fBpostalias \-q\fR" lookup) and terminates
+with non\-zero exit status in case of failure.
+.SH "ENVIRONMENT"
+.na
+.nf
+.ad
+.fi
+.IP \fBMAIL_CONFIG\fR
+Directory with Postfix configuration files.
+.IP \fBMAIL_VERBOSE\fR
+Enable verbose logging for debugging purposes.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+The following \fBmain.cf\fR parameters are especially relevant to
+this program.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.IP "\fBalias_database (see 'postconf -d' output)\fR"
+The alias databases for \fBlocal\fR(8) delivery that are updated with
+"\fBnewaliases\fR" or with "\fBsendmail \-bi\fR".
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBberkeley_db_create_buffer_size (16777216)\fR"
+The per\-table I/O buffer size for programs that create Berkeley DB
+hash or btree tables.
+.IP "\fBberkeley_db_read_buffer_size (131072)\fR"
+The per\-table I/O buffer size for programs that read Berkeley DB
+hash or btree tables.
+.IP "\fBdefault_database_type (see 'postconf -d' output)\fR"
+The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1)
+and \fBpostmap\fR(1) commands.
+.IP "\fBimport_environment (see 'postconf -d' output)\fR"
+The list of environment variables that a privileged Postfix
+process will import from a non\-Postfix parent process, or name=value
+environment overrides.
+.IP "\fBsmtputf8_enable (yes)\fR"
+Enable preliminary SMTPUTF8 support for the protocols described
+in RFC 6531, RFC 6532, and RFC 6533.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix 2.11 and later:
+.IP "\fBlmdb_map_size (16777216)\fR"
+The initial OpenLDAP LMDB database size limit in bytes.
+.SH "STANDARDS"
+.na
+.nf
+RFC 822 (ARPA Internet Text Messages)
+.SH "SEE ALSO"
+.na
+.nf
+aliases(5), format of alias database input file.
+local(8), Postfix local delivery agent.
+postconf(1), supported database types
+postconf(5), configuration parameters
+postmap(1), create/update/query lookup tables
+newaliases(1), Sendmail compatibility interface.
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+DATABASE_README, Postfix lookup table overview
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man1/postcat.1 b/man/man1/postcat.1
new file mode 100644
index 0000000..eb3025b
--- /dev/null
+++ b/man/man1/postcat.1
@@ -0,0 +1,121 @@
+.TH POSTCAT 1
+.ad
+.fi
+.SH NAME
+postcat
+\-
+show Postfix queue file contents
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostcat\fR [\fB\-bdehnoqv\fR] [\fB\-c \fIconfig_dir\fR] [\fIfiles\fR...]
+.SH DESCRIPTION
+.ad
+.fi
+The \fBpostcat\fR(1) command prints the contents of the
+named \fIfiles\fR in human\-readable form. The files are
+expected to be in Postfix queue file format. If no \fIfiles\fR
+are specified on the command line, the program reads from
+standard input.
+
+By default, \fBpostcat\fR(1) shows the envelope and message
+content, as if the options \fB\-beh\fR were specified. To
+view message content only, specify \fB\-bh\fR (Postfix 2.7
+and later).
+
+Options:
+.IP \fB\-b\fR
+Show body content. The \fB\-b\fR option starts producing
+output at the first non\-header line, and stops when the end
+of the message is reached.
+.sp
+This feature is available in Postfix 2.7 and later.
+.IP "\fB\-c \fIconfig_dir\fR"
+The \fBmain.cf\fR configuration file is in the named directory
+instead of the default configuration directory.
+.IP \fB\-d\fR
+Print the decimal type of each record.
+.IP \fB\-e\fR
+Show message envelope content.
+.sp
+This feature is available in Postfix 2.7 and later.
+.IP \fB\-h\fR
+Show message header content. The \fB\-h\fR option produces
+output from the beginning of the message up to, but not
+including, the first non\-header line.
+.sp
+This feature is available in Postfix 2.7 and later.
+.IP \fB\-o\fR
+Print the queue file offset of each record.
+.IP \fB\-q\fR
+Search the Postfix queue for the named \fIfiles\fR instead
+of taking the names literally.
+
+This feature is available in Postfix 2.0 and later.
+.IP \fB\-r\fR
+Print records in file order, don't follow pointer records.
+
+This feature is available in Postfix 3.7 and later.
+.IP "\fB\-s \fIoffset\fR"
+Skip to the specified queue file offset.
+
+This feature is available in Postfix 3.7 and later.
+.IP \fB\-v\fR
+Enable verbose logging for debugging purposes. Multiple \fB\-v\fR
+options make the software increasingly verbose.
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems are reported to the standard error stream.
+.SH "ENVIRONMENT"
+.na
+.nf
+.ad
+.fi
+.IP \fBMAIL_CONFIG\fR
+Directory with Postfix configuration files.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+The following \fBmain.cf\fR parameters are especially relevant to
+this program.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBimport_environment (see 'postconf -d' output)\fR"
+The list of environment parameters that a privileged Postfix
+process will import from a non\-Postfix parent process, or name=value
+environment overrides.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.SH "FILES"
+.na
+.nf
+/var/spool/postfix, Postfix queue directory
+.SH "SEE ALSO"
+.na
+.nf
+postconf(5), Postfix configuration
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man1/postconf.1 b/man/man1/postconf.1
new file mode 100644
index 0000000..e422429
--- /dev/null
+++ b/man/man1/postconf.1
@@ -0,0 +1,610 @@
+.TH POSTCONF 1
+.ad
+.fi
+.SH NAME
+postconf
+\-
+Postfix configuration utility
+.SH "SYNOPSIS"
+.na
+.nf
+.fi
+.ti -4
+\fBManaging main.cf:\fR
+
+\fBpostconf\fR [\fB\-dfhHnopvx\fR] [\fB\-c \fIconfig_dir\fR]
+[\fB\-C \fIclass,...\fR] [\fIparameter ...\fR]
+
+\fBpostconf\fR [\fB\-epv\fR] [\fB\-c \fIconfig_dir\fR]
+\fIparameter\fB=\fIvalue ...\fR
+
+\fBpostconf\fR \fB\-#\fR [\fB\-pv\fR] [\fB\-c \fIconfig_dir\fR]
+\fIparameter ...\fR
+
+\fBpostconf\fR \fB\-X\fR [\fB\-pv\fR] [\fB\-c \fIconfig_dir\fR]
+\fIparameter ...\fR
+
+.ti -4
+\fBManaging master.cf service entries:\fR
+
+\fBpostconf\fR \fB\-M\fR [\fB\-fovx\fR] [\fB\-c \fIconfig_dir\fR]
+[\fIservice\fR[\fB/\fItype\fR]\fI ...\fR]
+
+\fBpostconf\fR \fB\-M\fR [\fB\-ev\fR] [\fB\-c \fIconfig_dir\fR]
+\fIservice\fB/\fItype\fB=\fIvalue ...\fR
+
+\fBpostconf\fR \fB\-M#\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR]
+\fIservice\fB/\fItype ...\fR
+
+\fBpostconf\fR \fB\-MX\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR]
+\fIservice\fB/\fItype ...\fR
+
+.ti -4
+\fBManaging master.cf service fields:\fR
+
+\fBpostconf\fR \fB\-F\fR [\fB\-fhHovx\fR] [\fB\-c \fIconfig_dir\fR]
+[\fIservice\fR[\fB/\fItype\fR[\fB/\fIfield\fR]]\fI ...\fR]
+
+\fBpostconf\fR \fB\-F\fR [\fB\-ev\fR] [\fB\-c \fIconfig_dir\fR]
+\fIservice\fB/\fItype\fB/\fIfield\fB=\fIvalue ...\fR
+
+.ti -4
+\fBManaging master.cf service parameters:\fR
+
+\fBpostconf\fR \fB\-P\fR [\fB\-fhHovx\fR] [\fB\-c \fIconfig_dir\fR]
+[\fIservice\fR[\fB/\fItype\fR[\fB/\fIparameter\fR]]\fI ...\fR]
+
+\fBpostconf\fR \fB\-P\fR [\fB\-ev\fR] [\fB\-c \fIconfig_dir\fR]
+\fIservice\fB/\fItype\fB/\fIparameter\fB=\fIvalue ...\fR
+
+\fBpostconf\fR \fB\-PX\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR]
+\fIservice\fB/\fItype\fB/\fIparameter ...\fR
+
+.ti -4
+\fBManaging bounce message templates:\fR
+
+\fBpostconf\fR \fB\-b\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR]
+[\fItemplate_file\fR]
+
+\fBpostconf\fR \fB\-t\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR]
+[\fItemplate_file\fR]
+
+.ti -4
+\fBManaging TLS features:\fR
+
+\fBpostconf\fR \fB\-T \fImode\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR]
+
+.ti -4
+\fBManaging other configuration:\fR
+
+\fBpostconf\fR \fB\-a\fR|\fB\-A\fR|\fB\-l\fR|\fB\-m\fR [\fB\-v\fR]
+[\fB\-c \fIconfig_dir\fR]
+.SH DESCRIPTION
+.ad
+.fi
+By default, the \fBpostconf\fR(1) command displays the
+values of \fBmain.cf\fR configuration parameters, and warns
+about possible mis\-typed parameter names (Postfix 2.9 and later).
+The command can also change \fBmain.cf\fR configuration
+parameter values, or display other configuration information
+about the Postfix mail system.
+
+Options:
+.IP \fB\-a\fR
+List the available SASL plug\-in types for the Postfix SMTP
+server. The plug\-in type is selected with the \fBsmtpd_sasl_type\fR
+configuration parameter by specifying one of the names
+listed below.
+.RS
+.IP \fBcyrus\fR
+This server plug\-in is available when Postfix is built with
+Cyrus SASL support.
+.IP \fBdovecot\fR
+This server plug\-in uses the Dovecot authentication server,
+and is available when Postfix is built with any form of SASL
+support.
+.RE
+.IP
+This feature is available with Postfix 2.3 and later.
+.IP \fB\-A\fR
+List the available SASL plug\-in types for the Postfix SMTP
+client. The plug\-in type is selected with the \fBsmtp_sasl_type\fR
+or \fBlmtp_sasl_type\fR configuration parameters by specifying
+one of the names listed below.
+.RS
+.IP \fBcyrus\fR
+This client plug\-in is available when Postfix is built with
+Cyrus SASL support.
+.RE
+.IP
+This feature is available with Postfix 2.3 and later.
+.IP "\fB\-b\fR [\fItemplate_file\fR]"
+Display the message text that appears at the beginning of
+delivery status notification (DSN) messages, expanding
+$\fBname\fR expressions with actual values as described in
+\fBbounce\fR(5).
+
+To override the \fBbounce_template_file\fR parameter setting,
+specify a template file name at the end of the "\fBpostconf
+\-b\fR" command line. Specify an empty file name to display
+built\-in templates (in shell language: "").
+
+This feature is available with Postfix 2.3 and later.
+.IP "\fB\-c \fIconfig_dir\fR"
+The \fBmain.cf\fR configuration file is in the named directory
+instead of the default configuration directory.
+.IP "\fB\-C \fIclass,...\fR"
+When displaying \fBmain.cf\fR parameters, select only
+parameters from the specified class(es):
+.RS
+.IP \fBbuiltin\fR
+Parameters with built\-in names.
+.IP \fBservice\fR
+Parameters with service\-defined names (the first field of
+a \fBmaster.cf\fR entry plus a Postfix\-defined suffix).
+.IP \fBuser\fR
+Parameters with user\-defined names.
+.IP \fBall\fR
+All the above classes.
+.RE
+.IP
+The default is as if "\fB\-C all\fR" is
+specified.
+
+This feature is available with Postfix 2.9 and later.
+.IP \fB\-d\fR
+Print \fBmain.cf\fR default parameter settings instead of
+actual settings.
+Specify \fB\-df\fR to fold long lines for human readability
+(Postfix 2.9 and later).
+.IP \fB\-e\fR
+Edit the \fBmain.cf\fR configuration file, and update
+parameter settings with the "\fIname=value\fR" pairs on the
+\fBpostconf\fR(1) command line.
+
+With \fB\-M\fR, edit the \fBmaster.cf\fR configuration file,
+and replace one or more service entries with new values as
+specified with "\fIservice/type=value\fR" on the \fBpostconf\fR(1)
+command line.
+
+With \fB\-F\fR, edit the \fBmaster.cf\fR configuration file,
+and replace one or more service fields with new values as
+specified with "\fIservice/type/field=value\fR" on the
+\fBpostconf\fR(1) command line. Currently, the "command"
+field contains the command name and command arguments. This
+may change in the near future, so that the "command" field
+contains only the command name, and a new "arguments"
+pseudofield contains the command arguments.
+
+With \fB\-P\fR, edit the \fBmaster.cf\fR configuration file,
+and add or update one or more service parameter settings
+(\-o parameter=value settings) with new values as specified
+with "\fIservice/type/parameter=value\fR" on the \fBpostconf\fR(1)
+command line.
+
+In all cases the file is copied to a temporary file then
+renamed into place. Specify quotes to protect special
+characters and whitespace on the \fBpostconf\fR(1) command
+line.
+
+The \fB\-e\fR option is no longer needed with Postfix version
+2.8 and later, as it is assumed whenever a value is specified
+(empty or non\-empty).
+.IP \fB\-f\fR
+Fold long lines when printing \fBmain.cf\fR or \fBmaster.cf\fR
+configuration file entries, for human readability.
+
+This feature is available with Postfix 2.9 and later.
+.IP \fB\-F\fR
+Show \fBmaster.cf\fR per\-entry field settings (by default
+all services and all fields), formatted as
+"\fIservice/type/field=value\fR", one per line. Specify
+\fB\-Ff\fR to fold long lines.
+
+Specify one or more "\fIservice/type/field\fR" instances
+on the \fBpostconf\fR(1) command line to limit the output
+to fields of interest. Trailing parameter name or service
+type fields that are omitted will be handled as "*" wildcard
+fields.
+
+This feature is available with Postfix 2.11 and later.
+.IP \fB\-h\fR
+Show parameter or attribute values without the "\fIname\fR = "
+label that normally precedes the value.
+.IP \fB\-H\fR
+Show parameter or attribute names without the " = \fIvalue\fR"
+that normally follows the name.
+
+This feature is available with Postfix 3.1 and later.
+.IP \fB\-l\fR
+List the names of all supported mailbox locking methods.
+Postfix supports the following methods:
+.RS
+.IP \fBflock\fR
+A kernel\-based advisory locking method for local files only.
+This locking method is available on systems with a BSD
+compatible library.
+.IP \fBfcntl\fR
+A kernel\-based advisory locking method for local and remote
+files.
+.IP \fBdotlock\fR
+An application\-level locking method. An application locks
+a file named \fIfilename\fR by creating a file named
+\fIfilename\fB.lock\fR. The application is expected to
+remove its own lock file, as well as stale lock files that
+were left behind after abnormal program termination.
+.RE
+.IP \fB\-m\fR
+List the names of all supported lookup table types. In
+Postfix configuration files, lookup tables are specified
+as \fItype\fB:\fIname\fR, where \fItype\fR is one of the
+types listed below. The table \fIname\fR syntax depends on
+the lookup table type as described in the DATABASE_README
+document.
+.RS
+.IP \fBbtree\fR
+A sorted, balanced tree structure. Available on systems
+with support for Berkeley DB databases.
+.IP \fBcdb\fR
+A read\-optimized structure with no support for incremental
+updates. Available on systems with support for CDB databases.
+
+This feature is available with Postfix 2.2 and later.
+.IP \fBcidr\fR
+A table that associates values with Classless Inter\-Domain
+Routing (CIDR) patterns. This is described in \fBcidr_table\fR(5).
+
+This feature is available with Postfix 2.2 and later.
+.IP \fBdbm\fR
+An indexed file type based on hashing. Available on systems
+with support for DBM databases.
+.IP \fBenviron\fR
+The UNIX process environment array. The lookup key is the
+environment variable name; the table name is ignored. Originally
+implemented for testing, someone may find this useful someday.
+.IP \fBfail\fR
+A table that reliably fails all requests. The lookup table
+name is used for logging. This table exists to simplify
+Postfix error tests.
+
+This feature is available with Postfix 2.9 and later.
+.IP \fBhash\fR
+An indexed file type based on hashing. Available on systems
+with support for Berkeley DB databases.
+.IP "\fBinline\fR (read\-only)"
+A non\-shared, in\-memory lookup table. Example: "\fBinline:{
+\fIkey\fB=\fIvalue\fB, { \fIkey\fB = \fItext with whitespace
+or comma\fB }}\fR". Key\-value pairs are separated by
+whitespace or comma; with a key\-value pair inside "\fB{}\fR",
+whitespace is ignored after the opening "\fB{\fR", around
+the "\fB=\fR" between key and value, and before the closing
+"\fB}\fR". Inline tables eliminate the need to create a
+database file for just a few fixed elements. See also the
+\fIstatic:\fR map type.
+
+This feature is available with Postfix 3.0 and later.
+.IP \fBinternal\fR
+A non\-shared, in\-memory hash table. Its content are lost
+when a process terminates.
+.IP "\fBlmdb\fR"
+OpenLDAP LMDB database (a memory\-mapped, persistent file).
+Available on systems with support for LMDB databases. This
+is described in \fBlmdb_table\fR(5).
+
+This feature is available with Postfix 2.11 and later.
+.IP "\fBldap\fR (read\-only)"
+LDAP database client. This is described in \fBldap_table\fR(5).
+.IP "\fBmemcache\fR"
+Memcache database client. This is described in
+\fBmemcache_table\fR(5).
+
+This feature is available with Postfix 2.9 and later.
+.IP "\fBmysql\fR (read\-only)"
+MySQL database client. Available on systems with support
+for MySQL databases. This is described in \fBmysql_table\fR(5).
+.IP "\fBpcre\fR (read\-only)"
+A lookup table based on Perl Compatible Regular Expressions.
+The file format is described in \fBpcre_table\fR(5).
+.IP "\fBpgsql\fR (read\-only)"
+PostgreSQL database client. This is described in
+\fBpgsql_table\fR(5).
+
+This feature is available with Postfix 2.1 and later.
+.IP "\fBpipemap\fR (read\-only)"
+A lookup table that constructs a pipeline of tables. Example:
+"\fBpipemap:{\fItype_1:name_1, ..., type_n:name_n\fB}\fR".
+Each "pipemap:" query is given to the first table. Each
+lookup result becomes the query for the next table in the
+pipeline, and the last table produces the final result.
+When any table lookup produces no result, the pipeline
+produces no result. The first and last characters of the
+"pipemap:" table name must be "\fB{\fR" and "\fB}\fR".
+Within these, individual maps are separated with comma or
+whitespace.
+
+This feature is available with Postfix 3.0 and later.
+.IP "\fBproxy\fR"
+Postfix \fBproxymap\fR(8) client for shared access to Postfix
+databases. The table name syntax is \fItype\fB:\fIname\fR.
+
+This feature is available with Postfix 2.0 and later.
+.IP "\fBrandmap\fR (read\-only)"
+An in\-memory table that performs random selection. Example:
+"\fBrandmap:{\fIresult_1, ..., result_n\fB}\fR". Each table query
+returns a random choice from the specified results. The first
+and last characters of the "randmap:" table name must be
+"\fB{\fR" and "\fB}\fR". Within these, individual results
+are separated with comma or whitespace. To give a specific
+result more weight, specify it multiple times.
+
+This feature is available with Postfix 3.0 and later.
+.IP "\fBregexp\fR (read\-only)"
+A lookup table based on regular expressions. The file format
+is described in \fBregexp_table\fR(5).
+.IP \fBsdbm\fR
+An indexed file type based on hashing. Available on systems
+with support for SDBM databases.
+
+This feature is available with Postfix 2.2 and later.
+.IP "\fBsocketmap\fR (read\-only)"
+Sendmail\-style socketmap client. The table name is
+\fBinet\fR:\fIhost\fR:\fIport\fR:\fIname\fR for a TCP/IP
+server, or \fBunix\fR:\fIpathname\fR:\fIname\fR for a
+UNIX\-domain server. This is described in \fBsocketmap_table\fR(5).
+
+This feature is available with Postfix 2.10 and later.
+.IP "\fBsqlite\fR (read\-only)"
+SQLite database. This is described in \fBsqlite_table\fR(5).
+
+This feature is available with Postfix 2.8 and later.
+.IP "\fBstatic\fR (read\-only)"
+A table that always returns its name as lookup result. For
+example, \fBstatic:foobar\fR always returns the string
+\fBfoobar\fR as lookup result. Specify "\fBstatic:{ \fItext
+with whitespace\fB }\fR" when the result contains whitespace;
+this form ignores whitespace after the opening "\fB{\fR"
+and before the closing
+"\fB}\fR". See also the \fIinline:\fR map.
+
+The form "\fBstatic:{\fItext\fB}\fR is available with Postfix
+3.0 and later.
+.IP "\fBtcp\fR (read\-only)"
+TCP/IP client. The protocol is described in \fBtcp_table\fR(5).
+.IP "\fBtexthash\fR (read\-only)"
+Produces similar results as hash: files, except that you
+don't need to run the \fBpostmap\fR(1) command before you
+can use the file, and that it does not detect changes after
+the file is read.
+
+This feature is available with Postfix 2.8 and later.
+.IP "\fBunionmap\fR (read\-only)"
+A table that sends each query to multiple lookup tables and
+that concatenates all found results, separated by comma.
+The table name syntax is the same as for \fBpipemap\fR.
+
+This feature is available with Postfix 3.0 and later.
+.IP "\fBunix\fR (read\-only)"
+A limited view of the UNIX authentication database. The
+following tables are implemented:
+.RS
+. IP \fBunix:passwd.byname\fR
+The table is the UNIX password database. The key is a login
+name. The result is a password file entry in \fBpasswd\fR(5)
+format.
+.IP \fBunix:group.byname\fR
+The table is the UNIX group database. The key is a group
+name. The result is a group file entry in \fBgroup\fR(5)
+format.
+.RE
+.RE
+.IP
+Other table types may exist depending on how Postfix was
+built.
+.IP \fB\-M\fR
+Show \fBmaster.cf\fR file contents instead of \fBmain.cf\fR
+file contents. Specify \fB\-Mf\fR to fold long lines for
+human readability.
+
+Specify zero or more arguments, each with a \fIservice\-name\fR
+or \fIservice\-name/service\-type\fR pair, where \fIservice\-name\fR
+is the first field of a master.cf entry and \fIservice\-type\fR
+is one of (\fBinet\fR, \fBunix\fR, \fBfifo\fR, or \fBpass\fR).
+
+If \fIservice\-name\fR or \fIservice\-name/service\-type\fR
+is specified, only the matching master.cf entries will be
+output. For example, "\fBpostconf \-Mf smtp\fR" will output
+all services named "smtp", and "\fBpostconf \-Mf smtp/inet\fR"
+will output only the smtp service that listens on the
+network. Trailing service type fields that are omitted
+will be handled as "*" wildcard fields.
+
+This feature is available with Postfix 2.9 and later. The
+syntax was changed from "\fIname.type\fR" to "\fIname/type\fR",
+and "*" wildcard support was added with Postfix 2.11.
+.IP \fB\-n\fR
+Show only configuration parameters that have explicit
+\fIname=value\fR settings in \fBmain.cf\fR. Specify \fB\-nf\fR
+to fold long lines for human readability (Postfix 2.9 and
+later). To show settings that differ from built\-in defaults
+only, use the following bash syntax:
+.nf
+ LANG=C comm \-23 <(postconf \-n) <(postconf \-d)
+.fi
+Replace "\-23" with "\-12" to show settings that duplicate
+built\-in defaults.
+.IP "\fB\-o \fIname=value\fR"
+Override \fBmain.cf\fR parameter settings. This lets you see
+the effect changing a parameter would have when it is used in
+other configuration parameters, e.g.:
+.nf
+ postconf \-x \-o stress=yes
+.fi
+
+This feature is available with Postfix 2.10 and later.
+.IP \fB\-p\fR
+Show \fBmain.cf\fR parameter settings. This is the default.
+
+This feature is available with Postfix 2.11 and later.
+.IP \fB\-P\fR
+Show \fBmaster.cf\fR service parameter settings (by default
+all services and all parameters), formatted as
+"\fIservice/type/parameter=value\fR", one per line. Specify
+\fB\-Pf\fR to fold long lines.
+
+Specify one or more "\fIservice/type/parameter\fR" instances
+on the \fBpostconf\fR(1) command line to limit the output
+to parameters of interest. Trailing parameter name or
+service type fields that are omitted will be handled as "*"
+wildcard fields.
+
+This feature is available with Postfix 2.11 and later.
+.IP "\fB\-t\fR [\fItemplate_file\fR]"
+Display the templates for text that appears at the beginning
+of delivery status notification (DSN) messages, without
+expanding $\fBname\fR expressions.
+
+To override the \fBbounce_template_file\fR parameter setting,
+specify a template file name at the end of the "\fBpostconf
+\-t\fR" command line. Specify an empty file name to display
+built\-in templates (in shell language: "").
+
+This feature is available with Postfix 2.3 and later.
+.IP "\fB\-T \fImode\fR"
+If Postfix is compiled without TLS support, the \fB\-T\fR option
+produces no output. Otherwise, if an invalid \fImode\fR is specified,
+the \fB\-T\fR option reports an error and exits with a non\-zero status
+code. The valid modes are:
+.RS
+.IP \fBcompile\-version\fR
+Output the OpenSSL version that Postfix was compiled with
+(i.e. the OpenSSL version in a header file). The output
+format is the same as with the command "\fBopenssl version\fR".
+.IP \fBrun\-version\fR
+Output the OpenSSL version that Postfix is linked with at
+runtime (i.e. the OpenSSL version in a shared library).
+.IP \fBpublic\-key\-algorithms\fR
+Output the lower\-case names of the supported public\-key
+algorithms, one per\-line.
+.RE
+.IP
+This feature is available with Postfix 3.1 and later.
+.IP \fB\-v\fR
+Enable verbose logging for debugging purposes. Multiple
+\fB\-v\fR options make the software increasingly verbose.
+.IP \fB\-x\fR
+Expand \fI$name\fR in \fBmain.cf\fR or \fBmaster.cf\fR
+parameter values. The expansion is recursive.
+
+This feature is available with Postfix 2.10 and later.
+.IP \fB\-X\fR
+Edit the \fBmain.cf\fR configuration file, and remove the
+parameters named on the \fBpostconf\fR(1) command line.
+Specify a list of parameter names, not "\fIname=value\fR"
+pairs.
+
+With \fB\-M\fR, edit the \fBmaster.cf\fR configuration file,
+and remove one or more service entries as specified with
+"\fIservice/type\fR" on the \fBpostconf\fR(1) command line.
+
+With \fB\-P\fR, edit the \fBmaster.cf\fR configuration file,
+and remove one or more service parameter settings (\-o
+parameter=value settings) as specified with
+"\fIservice/type/parameter\fR" on the \fBpostconf\fR(1)
+command line.
+
+In all cases the file is copied to a temporary file then
+renamed into place. Specify quotes to protect special
+characters on the \fBpostconf\fR(1) command line.
+
+There is no \fBpostconf\fR(1) command to perform the reverse
+operation.
+
+This feature is available with Postfix 2.10 and later.
+Support for \-M and \-P was added with Postfix 2.11.
+.IP \fB\-#\fR
+Edit the \fBmain.cf\fR configuration file, and comment out
+the parameters named on the \fBpostconf\fR(1) command line,
+so that those parameters revert to their default values.
+Specify a list of parameter names, not "\fIname=value\fR"
+pairs.
+
+With \fB\-M\fR, edit the \fBmaster.cf\fR configuration file,
+and comment out one or more service entries as specified
+with "\fIservice/type\fR" on the \fBpostconf\fR(1) command
+line.
+
+In all cases the file is copied to a temporary file then
+renamed into place. Specify quotes to protect special
+characters on the \fBpostconf\fR(1) command line.
+
+There is no \fBpostconf\fR(1) command to perform the reverse
+operation.
+
+This feature is available with Postfix 2.6 and later. Support
+for \-M was added with Postfix 2.11.
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems are reported to the standard error stream.
+.SH "ENVIRONMENT"
+.na
+.nf
+.ad
+.fi
+.IP \fBMAIL_CONFIG\fR
+Directory with Postfix configuration files.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+The following \fBmain.cf\fR parameters are especially
+relevant to this program.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBbounce_template_file (empty)\fR"
+Pathname of a configuration file with bounce message templates.
+.SH "FILES"
+.na
+.nf
+/etc/postfix/main.cf, Postfix configuration parameters
+/etc/postfix/master.cf, Postfix master daemon configuration
+.SH "SEE ALSO"
+.na
+.nf
+bounce(5), bounce template file format
+master(5), master.cf configuration file syntax
+postconf(5), main.cf configuration file syntax
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or "\fBpostconf
+html_directory\fR" to locate this information.
+.na
+.nf
+DATABASE_README, Postfix lookup table overview
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this
+software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man1/postdrop.1 b/man/man1/postdrop.1
new file mode 100644
index 0000000..23d6012
--- /dev/null
+++ b/man/man1/postdrop.1
@@ -0,0 +1,139 @@
+.TH POSTDROP 1
+.ad
+.fi
+.SH NAME
+postdrop
+\-
+Postfix mail posting utility
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostdrop\fR [\fB\-rv\fR] [\fB\-c \fIconfig_dir\fR]
+.SH DESCRIPTION
+.ad
+.fi
+The \fBpostdrop\fR(1) command creates a file in the \fBmaildrop\fR
+directory and copies its standard input to the file.
+
+Options:
+.IP "\fB\-c \fIconfig_dir\fR"
+The \fBmain.cf\fR configuration file is in the named directory
+instead of the default configuration directory. See also the
+MAIL_CONFIG environment setting below.
+.IP \fB\-r\fR
+Use a Postfix\-internal protocol for reading the message from
+standard input, and for reporting status information on standard
+output. This is currently the only supported method.
+.IP \fB\-v\fR
+Enable verbose logging for debugging purposes. Multiple \fB\-v\fR
+options make the software increasingly verbose. As of Postfix 2.3,
+this option is available for the super\-user only.
+.SH "SECURITY"
+.na
+.nf
+.ad
+.fi
+The command is designed to run with set\-group ID privileges, so
+that it can write to the \fBmaildrop\fR queue directory and so that
+it can connect to Postfix daemon processes.
+.SH DIAGNOSTICS
+.ad
+.fi
+Fatal errors: malformed input, I/O error, out of memory. Problems
+are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8) and to
+the standard error stream.
+When the input is incomplete, or when the process receives a HUP,
+INT, QUIT or TERM signal, the queue file is deleted.
+.SH "ENVIRONMENT"
+.na
+.nf
+.ad
+.fi
+.IP MAIL_CONFIG
+Directory with the \fBmain.cf\fR file. In order to avoid exploitation
+of set\-group ID privileges, a non\-standard directory is allowed only
+if:
+.RS
+.IP \(bu
+The name is listed in the standard \fBmain.cf\fR file with the
+\fBalternate_config_directories\fR configuration parameter.
+.IP \(bu
+The command is invoked by the super\-user.
+.RE
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+The following \fBmain.cf\fR parameters are especially relevant to
+this program.
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.IP "\fBalternate_config_directories (empty)\fR"
+A list of non\-default Postfix configuration directories that may
+be specified with "\-c config_directory" on the command line (in the
+case of \fBsendmail\fR(1), with the "\-C" option), or via the MAIL_CONFIG
+environment parameter.
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBimport_environment (see 'postconf -d' output)\fR"
+The list of environment parameters that a privileged Postfix
+process will import from a non\-Postfix parent process, or name=value
+environment overrides.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.IP "\fBtrigger_timeout (10s)\fR"
+The time limit for sending a trigger to a Postfix daemon (for
+example, the \fBpickup\fR(8) or \fBqmgr\fR(8) daemon).
+.PP
+Available in Postfix version 2.2 and later:
+.IP "\fBauthorized_submit_users (static:anyone)\fR"
+List of users who are authorized to submit mail with the \fBsendmail\fR(1)
+command (and with the privileged \fBpostdrop\fR(1) helper command).
+.PP
+Available in Postfix version 3.6 and later:
+.IP "\fBlocal_login_sender_maps (static:*)\fR"
+A list of lookup tables that are searched by the UNIX login name,
+and that return a list of allowed envelope sender patterns separated
+by space or comma.
+.IP "\fBempty_address_local_login_sender_maps_lookup_key (<>)\fR"
+The lookup key to be used in local_login_sender_maps tables, instead
+of the null sender address.
+.IP "\fBrecipient_delimiter (empty)\fR"
+The set of characters that can separate an email address
+localpart, user name, or a .forward file name from its extension.
+.SH "FILES"
+.na
+.nf
+/var/spool/postfix/maildrop, maildrop queue
+.SH "SEE ALSO"
+.na
+.nf
+sendmail(1), compatibility interface
+postconf(5), configuration parameters
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man1/postfix-tls.1 b/man/man1/postfix-tls.1
new file mode 100644
index 0000000..4e8cb92
--- /dev/null
+++ b/man/man1/postfix-tls.1
@@ -0,0 +1,244 @@
+.TH POSTFIX-TLS 1
+.ad
+.fi
+.SH NAME
+postfix-tls
+\-
+Postfix TLS management
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostfix tls\fR \fIsubcommand\fR
+.SH DESCRIPTION
+.ad
+.fi
+The "\fBpostfix tls \fIsubcommand\fR" feature enables
+opportunistic TLS in the Postfix SMTP client or server, and
+manages Postfix SMTP server private keys and certificates.
+
+The following subcommands are available:
+.IP "\fBenable\-client\fR [\fB\-r \fIrandsource\fR]"
+Enable opportunistic TLS in the Postfix SMTP client, if all
+SMTP client TLS settings are at their default values.
+Otherwise, suggest parameter settings without making any
+changes.
+.sp
+Specify \fIrandsource\fR to update the value of the
+\fBtls_random_source\fR configuration parameter (typically,
+/dev/urandom). Prepend \fBdev:\fR to device paths or
+\fBegd:\fR to EGD socket paths.
+.sp
+See also the \fBall\-default\-client\fR subcommand.
+.IP "\fBenable\-server\fR [\fB\-r \fIrandsource\fR] [\fB\-a \fIalgorithm\fR] [\fB\-b \fIbits\fR] [\fIhostname\fB...\fR]"
+Create a new private key and self\-signed server certificate
+and enable opportunistic TLS in the Postfix SMTP server,
+if all SMTP server TLS settings are at their default values.
+Otherwise, suggest parameter settings without making any
+changes.
+.sp
+The \fIrandsource\fR parameter is as with \fBenable\-client\fR
+above, and the remaining options are as with \fBnew\-server\-key\fR
+below.
+.sp
+See also the \fBall\-default\-server\fR subcommand.
+.IP "\fBnew\-server\-key\fR [\fB\-a \fIalgorithm\fR] [\fB\-b \fIbits\fR] [\fIhostname\fB...\fR]"
+Create a new private key and self\-signed server certificate,
+but do not deploy them. Log and display commands to deploy
+the new key and corresponding certificate. Also log and
+display commands to output a corresponding CSR or TLSA
+records which may be needed to obtain a CA certificate or
+to update DNS before the new key can be deployed.
+.sp
+The \fIalgorithm\fR defaults to \fBrsa\fR, and \fIbits\fR
+defaults to 2048. If you choose the \fBecdsa\fR \fIalgorithm\fR
+then \fIbits\fR will be an EC curve name (by default
+\fBsecp256r1\fR, also known as prime256v1). Curves other
+than \fBsecp256r1\fR, \fBsecp384r1\fR or \fBsecp521r1\fR
+are unlikely to be widely interoperable. When generating
+EC keys, use one of these three. DSA keys are obsolete and
+are not supported.
+.sp
+Note: ECDSA support requires OpenSSL 1.0.0 or later and may
+not be available on your system. Not all client systems
+will support ECDSA, so you'll generally want to deploy both
+RSA and ECDSA certificates to make use of ECDSA with
+compatible clients and RSA with the rest. If you want to
+deploy certificate chains with intermediate CAs for both
+RSA and ECDSA, you'll want at least OpenSSL 1.0.2, as earlier
+versions may not handle multiple chain files correctly.
+.sp
+The first \fIhostname\fR argument will be the \fBCommonName\fR
+of both the subject and issuer of the self\-signed certificate.
+It, and any additional \fIhostname\fR arguments, will also
+be listed as DNS alternative names in the certificate. If
+no \fIhostname\fR is provided the value of the \fBmyhostname\fR
+main.cf parameter will be used.
+.sp
+For RSA, the generated private key and certificate files
+are named \fBkey\-\fIyyyymmdd\-hhmmss\fB.pem\fR and
+\fBcert\-\fIyyyymmdd\-hhmmss\fB.pem\fR, where \fIyyyymmdd\fR
+is the calendar date and \fIhhmmss\fR is the time of day
+in UTC. For ECDSA, the file names start with \fBeckey\-\fR
+and \fBeccert\-\fR instead of \fBkey\-\fR and \fBcert\-\fR
+respectively.
+.sp
+Before deploying the new key and certificate with DANE,
+update the DNS with new DANE TLSA records, then wait for
+secondary nameservers to update and then for stale records
+in remote DNS caches to expire.
+.sp
+Before deploying a new CA certificate make sure to include
+all the required intermediate issuing CA certificates in
+the certificate chain file. The server certificate must
+be the first certificate in the chain file. Overwrite and
+deploy the file with the original self\-signed certificate
+that was generated together with the key.
+.IP "\fBnew\-server\-cert\fR [\fB\-a \fIalgorithm\fR] [\fB\-b \fIbits\fR] [\fIhostname\fB...\fR]"
+This is just like \fBnew\-server\-key\fR except that, rather
+than generating a new private key, any currently deployed
+private key is copied to the new key file. Thus if you're
+publishing DANE TLSA "3 1 1" or "3 1 2" records, there is
+no need to update DNS records. The \fIalgorithm\fR and
+\fIbits\fR arguments are used only if no key of the same
+algorithm is already configured.
+.sp
+This command is rarely needed, because the self\-signed
+certificates generated have a 100\-year nominal expiration
+time. The underlying public key algorithms may well be
+obsoleted by quantum computers long before then.
+.sp
+The most plausible reason for using this command is when
+the system hostname changes, and you'd like the name in the
+certificate to match the new hostname (not required for
+DANE "3 1 1", but some needlessly picky non\-DANE opportunistic
+TLS clients may log warnings or even refuse to communicate).
+.IP "\fBdeploy\-server\-cert \fIcertfile\fB \fIkeyfile\fR"
+This subcommand deploys the certificates in \fIcertfile\fR
+and private key in \fIkeyfile\fR (which are typically
+generated by the commands above, which will also log and
+display the full command needed to deploy the generated key
+and certificate). After the new certificate and key are
+deployed any obsolete keys and certificates may be removed
+by hand. The \fIkeyfile\fR and \fIcertfile\fR filenames
+may be relative to the Postfix configuration directory.
+.IP "\fBoutput\-server\-csr\fR [\fB\-k \fIkeyfile\fR] [\fIhostname\fB...\fR]"
+Write to stdout a certificate signing request (CSR) for the
+specified \fIkeyfile\fR.
+.sp
+Instead of an absolute pathname or a pathname relative to
+$config_directory, \fIkeyfile\fR may specify one of the
+supported key algorithm names (see "\fBpostconf \-T
+public\-key\-algorithms\fR"). In that case, the corresponding
+setting from main.cf is used to locate the \fIkeyfile\fR.
+The default \fIkeyfile\fR value is \fBrsa\fR.
+.sp
+Zero or more \fIhostname\fR values can be specified. The
+default \fIhostname\fR is the value of \fBmyhostname\fR
+main.cf parameter.
+.IP "\fBoutput\-server\-tlsa\fR [\fB\-h \fIhostname\fR] [\fIkeyfile\fB...\fR]"
+Write to stdout a DANE TLSA RRset suitable for a port 25
+SMTP server on host \fIhostname\fR with keys from any of
+the specified \fIkeyfile\fR values. The default \fIhostname\fR
+is the value of the \fBmyhostname\fR main.cf parameter.
+.sp
+Instead of absolute pathnames or pathnames relative to
+$config_directory, the \fIkeyfile\fR list may specify
+names of supported public key algorithms (see "\fBpostconf
+\-T public\-key\-algorithms\fR"). In that case, the actual
+\fIkeyfile\fR list uses the values of the corresponding
+Postfix server TLS key file parameters. If a parameter
+value is empty or equal to \fBnone\fR, then no TLSA record
+is output for that algorithm.
+.sp
+The default \fIkeyfile\fR list consists of the two supported
+algorithms \fBrsa\fR and \fBecdsa\fR.
+.SH "AUXILIARY COMMANDS"
+.na
+.nf
+.IP "\fBall\-default\-client\fR"
+Exit with status 0 (success) if all SMTP client TLS settings are
+at their default values. Otherwise, exit with a non\-zero status.
+This is typically used as follows:
+.sp
+\fBpostfix tls all\-default\-client &&
+ postfix tls enable\-client\fR
+.IP "\fBall\-default\-server\fR"
+Exit with status 0 (success) if all SMTP server TLS settings are
+at their default values. Otherwise, exit with a non\-zero status.
+This is typically used as follows:
+.sp
+\fBpostfix tls all\-default\-server &&
+ postfix tls enable\-server\fR
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+The "\fBpostfix tls \fIsubcommand\fR" feature reads
+or updates the following configuration parameters.
+.IP "\fBcommand_directory (see 'postconf -d' output)\fR"
+The location of all postfix administrative commands.
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBopenssl_path (openssl)\fR"
+The location of the OpenSSL command line program \fBopenssl\fR(1).
+.IP "\fBsmtp_tls_loglevel (0)\fR"
+Enable additional Postfix SMTP client logging of TLS activity.
+.IP "\fBsmtp_tls_security_level (empty)\fR"
+The default SMTP TLS security level for the Postfix SMTP client.
+.IP "\fBsmtp_tls_session_cache_database (empty)\fR"
+Name of the file containing the optional Postfix SMTP client
+TLS session cache.
+.IP "\fBsmtpd_tls_cert_file (empty)\fR"
+File with the Postfix SMTP server RSA certificate in PEM format.
+.IP "\fBsmtpd_tls_eccert_file (empty)\fR"
+File with the Postfix SMTP server ECDSA certificate in PEM format.
+.IP "\fBsmtpd_tls_eckey_file ($smtpd_tls_eccert_file)\fR"
+File with the Postfix SMTP server ECDSA private key in PEM format.
+.IP "\fBsmtpd_tls_key_file ($smtpd_tls_cert_file)\fR"
+File with the Postfix SMTP server RSA private key in PEM format.
+.IP "\fBsmtpd_tls_loglevel (0)\fR"
+Enable additional Postfix SMTP server logging of TLS activity.
+.IP "\fBsmtpd_tls_received_header (no)\fR"
+Request that the Postfix SMTP server produces Received: message
+headers that include information about the protocol and cipher used,
+as well as the remote SMTP client CommonName and client certificate issuer
+CommonName.
+.IP "\fBsmtpd_tls_security_level (empty)\fR"
+The SMTP TLS security level for the Postfix SMTP server; when
+a non\-empty value is specified, this overrides the obsolete parameters
+smtpd_use_tls and smtpd_enforce_tls.
+.IP "\fBtls_random_source (see 'postconf -d' output)\fR"
+The external entropy source for the in\-memory \fBtlsmgr\fR(8) pseudo
+random number generator (PRNG) pool.
+.SH "SEE ALSO"
+.na
+.nf
+master(8) Postfix master program
+postfix(1) Postfix administrative interface
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+TLS_README, Postfix TLS configuration and operation
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+The "\fBpostfix tls\fR" command was introduced with Postfix
+version 3.1.
+.SH "AUTHOR(S)"
+.na
+.nf
+Viktor Dukhovni
diff --git a/man/man1/postfix.1 b/man/man1/postfix.1
new file mode 100644
index 0000000..c3ad0d8
--- /dev/null
+++ b/man/man1/postfix.1
@@ -0,0 +1,434 @@
+.TH POSTFIX 1
+.ad
+.fi
+.SH NAME
+postfix
+\-
+Postfix control program
+.SH "SYNOPSIS"
+.na
+.nf
+.fi
+\fBpostfix\fR [\fB\-Dv\fR] [\fB\-c \fIconfig_dir\fR] \fIcommand\fR
+.SH DESCRIPTION
+.ad
+.fi
+This command is reserved for the superuser. To submit mail,
+use the Postfix \fBsendmail\fR(1) command.
+
+The \fBpostfix\fR(1) command controls the operation of the Postfix
+mail system: start or stop the \fBmaster\fR(8) daemon, do a health
+check, and other maintenance.
+
+By default, the \fBpostfix\fR(1) command sets up a standardized
+environment and runs the \fBpostfix\-script\fR shell script
+to do the actual work.
+
+However, when support for multiple Postfix instances is
+configured, \fBpostfix\fR(1) executes the command specified
+with the \fBmulti_instance_wrapper\fR configuration parameter.
+This command will execute the \fIcommand\fR for each
+applicable Postfix instance.
+
+The following commands are implemented:
+.IP \fBcheck\fR
+Warn about bad directory/file ownership or permissions,
+and create missing directories.
+.IP \fBstart\fR
+Start the Postfix mail system. This also runs the configuration
+check described above.
+.IP \fBstart\-fg\fR
+Like \fBstart\fR, but keep the \fBmaster\fR(8) daemon running
+in the foreground, and enable \fBmaster\fR(8) "init" mode
+when running as PID 1.
+This command requires that multi\-instance support is
+disabled (i.e. the multi_instance_directories parameter
+value must be empty).
+
+When running Postfix inside a container, see MAILLOG_README
+for logging to stdout. Postfix logs to syslog by default,
+which requires a) running a syslogd process inside the
+container, or b) mounting the container host's /dev/log
+socket inside the container (example: "docker run \-v
+/dev/log:/dev/log ..."), and c) a distinct Postfix "syslog_name"
+prefix that identifies logging from the Postfix instance.
+.IP \fBstop\fR
+Stop the Postfix mail system in an orderly fashion. If
+possible, running processes are allowed to terminate at
+their earliest convenience.
+.sp
+Note: in order to refresh the Postfix mail system after a
+configuration change, do not use the \fBstart\fR and \fBstop\fR
+commands in succession. Use the \fBreload\fR command instead.
+.IP \fBabort\fR
+Stop the Postfix mail system abruptly. Running processes are
+signaled to stop immediately.
+.IP \fBflush\fR
+Force delivery: attempt to deliver every message in the deferred
+mail queue. Normally, attempts to deliver delayed mail happen at
+regular intervals, the interval doubling after each failed attempt.
+.sp
+Warning: flushing undeliverable mail frequently will result in
+poor delivery performance of all other mail.
+.IP \fBreload\fR
+Re\-read configuration files. Running processes terminate at their
+earliest convenience.
+.IP \fBstatus\fR
+Indicate if the Postfix mail system is currently running
+(zero exit status) or stopped (non\-zero exit status).
+.IP "\fBset\-permissions\fR [\fIname\fR=\fIvalue ...\fR]"
+Set the ownership and permissions of Postfix related files and
+directories, as specified in the \fBpostfix\-files\fR file.
+.sp
+Specify \fIname\fR=\fIvalue\fR to override and update specific
+main.cf configuration parameters. Use this, for example, to
+change the \fBmail_owner\fR or \fBsetgid_group\fR setting for an
+already installed Postfix system.
+.sp
+This feature is available in Postfix 2.1 and later. With
+Postfix 2.0 and earlier, use "\fB$config_directory/post\-install
+set\-permissions\fR".
+.IP "\fBlogrotate\fR"
+Rotate the logfile specified with $maillog_file, by appending
+a time\-stamp suffix that is formatted according to
+$maillog_file_rotate_suffix, and by compressing the file
+with the command specified with $maillog_file_compressor.
+This will not rotate /dev/* files.
+.sp
+This feature is available in Postfix 3.4 and later.
+.IP "\fBtls\fR \fIsubcommand\fR"
+Enable opportunistic TLS in the Postfix SMTP client or
+server, and manage Postfix SMTP server TLS private keys and
+certificates. See postfix\-tls(1) for documentation.
+.sp
+This feature is available in Postfix 3.1 and later.
+.IP "\fBupgrade\-configuration\fR [\fIname\fR=\fIvalue ...\fR]"
+Update the \fBmain.cf\fR and \fBmaster.cf\fR files with information
+that Postfix needs in order to run: add or update services, and add
+or update configuration parameter settings.
+.sp
+Specify \fIname\fR=\fIvalue\fR to override and update specific
+main.cf configuration parameters.
+.sp
+This feature is available in Postfix 2.1 and later. With
+Postfix 2.0 and earlier, use "\fB$config_directory/post\-install
+upgrade\-configuration\fR".
+.PP
+The following options are implemented:
+.IP "\fB\-c \fIconfig_dir\fR"
+Read the \fBmain.cf\fR and \fBmaster.cf\fR configuration files in
+the named directory instead of the default configuration directory.
+Use this to distinguish between multiple Postfix instances on the
+same host.
+
+With Postfix 2.6 and later, this option forces the postfix(1)
+command to operate on the specified Postfix instance only.
+This behavior is inherited by postfix(1) commands that run
+as a descendant of the current process.
+.IP "\fB\-D\fR (with \fBpostfix start\fR only)"
+Run each Postfix daemon under control of a debugger as specified
+via the \fBdebugger_command\fR configuration parameter.
+.IP \fB\-v\fR
+Enable verbose logging for debugging purposes. Multiple \fB\-v\fR
+options make the software increasingly verbose.
+.SH "ENVIRONMENT"
+.na
+.nf
+.ad
+.fi
+The \fBpostfix\fR(1) command exports the following environment
+variables before executing the \fBpostfix\-script\fR file:
+.IP \fBMAIL_CONFIG\fR
+This is set when the \-c command\-line option is present.
+
+With Postfix 2.6 and later, this environment variable forces
+the postfix(1) command to operate on the specified Postfix
+instance only. This behavior is inherited by postfix(1)
+commands that run as a descendant of the current process.
+.IP \fBMAIL_VERBOSE\fR
+This is set when the \-v command\-line option is present.
+.IP \fBMAIL_DEBUG\fR
+This is set when the \-D command\-line option is present.
+.PP
+When the internal logging service is enabled (by setting a
+non\-empty maillog_file parameter value) the postfix(1)
+command exports settings that are used by child processes
+before they have processed main.cf or command\-line settings.
+.IP \fBPOSTLOG_SERVICE
+The name of the public postlog service endpoint.
+.IP \fBPOSTLOG_HOSTNAME
+The hostname to prepend to internal logging.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+The following \fBmain.cf\fR configuration parameters are
+exported as environment variables with the same names:
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBcommand_directory (see 'postconf -d' output)\fR"
+The location of all postfix administrative commands.
+.IP "\fBdaemon_directory (see 'postconf -d' output)\fR"
+The directory with Postfix support programs and daemon programs.
+.IP "\fBhtml_directory (see 'postconf -d' output)\fR"
+The location of Postfix HTML files that describe how to build,
+configure or operate a specific Postfix subsystem or feature.
+.IP "\fBmail_owner (postfix)\fR"
+The UNIX system account that owns the Postfix queue and most Postfix
+daemon processes.
+.IP "\fBmailq_path (see 'postconf -d' output)\fR"
+Sendmail compatibility feature that specifies where the Postfix
+\fBmailq\fR(1) command is installed.
+.IP "\fBmanpage_directory (see 'postconf -d' output)\fR"
+Where the Postfix manual pages are installed.
+.IP "\fBnewaliases_path (see 'postconf -d' output)\fR"
+Sendmail compatibility feature that specifies the location of the
+\fBnewaliases\fR(1) command.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.IP "\fBreadme_directory (see 'postconf -d' output)\fR"
+The location of Postfix README files that describe how to build,
+configure or operate a specific Postfix subsystem or feature.
+.IP "\fBsendmail_path (see 'postconf -d' output)\fR"
+A Sendmail compatibility feature that specifies the location of
+the Postfix \fBsendmail\fR(1) command.
+.IP "\fBsetgid_group (postdrop)\fR"
+The group ownership of set\-gid Postfix commands and of group\-writable
+Postfix directories.
+.PP
+Available in Postfix version 2.5 and later:
+.IP "\fBdata_directory (see 'postconf -d' output)\fR"
+The directory with Postfix\-writable data files (for example:
+caches, pseudo\-random numbers).
+.PP
+Available in Postfix version 3.0 and later:
+.IP "\fBcompatibility_level (0)\fR"
+A safety net that causes Postfix to run with backwards\-compatible
+default settings after an upgrade to a newer Postfix version.
+.IP "\fBmeta_directory (see 'postconf -d' output)\fR"
+The location of non\-executable files that are shared among
+multiple Postfix instances, such as postfix\-files, dynamicmaps.cf,
+and the multi\-instance template files main.cf.proto and master.cf.proto.
+.IP "\fBshlib_directory (see 'postconf -d' output)\fR"
+The location of Postfix dynamically\-linked libraries
+(libpostfix\-*.so), and the default location of Postfix database
+plugins (postfix\-*.so) that have a relative pathname in the
+dynamicmaps.cf file.
+.PP
+Available in Postfix version 3.1 and later:
+.IP "\fBopenssl_path (openssl)\fR"
+The location of the OpenSSL command line program \fBopenssl\fR(1).
+.PP
+Other configuration parameters:
+.IP "\fBimport_environment (see 'postconf -d' output)\fR"
+The list of environment variables that a privileged Postfix
+process will import from a non\-Postfix parent process, or name=value
+environment overrides.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix version 2.6 and later:
+.IP "\fBmulti_instance_directories (empty)\fR"
+An optional list of non\-default Postfix configuration directories;
+these directories belong to additional Postfix instances that share
+the Postfix executable files and documentation with the default
+Postfix instance, and that are started, stopped, etc., together
+with the default Postfix instance.
+.IP "\fBmulti_instance_wrapper (empty)\fR"
+The pathname of a multi\-instance manager command that the
+\fBpostfix\fR(1) command invokes when the multi_instance_directories
+parameter value is non\-empty.
+.IP "\fBmulti_instance_group (empty)\fR"
+The optional instance group name of this Postfix instance.
+.IP "\fBmulti_instance_name (empty)\fR"
+The optional instance name of this Postfix instance.
+.IP "\fBmulti_instance_enable (no)\fR"
+Allow this Postfix instance to be started, stopped, etc., by a
+multi\-instance manager.
+.PP
+Available in Postfix version 3.4 and later:
+.IP "\fBmaillog_file (empty)\fR"
+The name of an optional logfile that is written by the Postfix
+\fBpostlogd\fR(8) service.
+.IP "\fBmaillog_file_compressor (gzip)\fR"
+The program to run after rotating $maillog_file with "postfix
+logrotate".
+.IP "\fBmaillog_file_prefixes (/var, /dev/stdout)\fR"
+A list of allowed prefixes for a maillog_file value.
+.IP "\fBmaillog_file_rotate_suffix (%Y%m%d\-%H%M%S)\fR"
+The format of the suffix to append to $maillog_file while rotating
+the file with "postfix logrotate".
+.IP "\fBpostlog_service_name (postlog)\fR"
+The name of the \fBpostlogd\fR(8) service entry in master.cf.
+.SH "FILES"
+.na
+.nf
+.ad
+.fi
+Prior to Postfix version 2.6, all of the following files
+were in \fB$config_directory\fR. Some files are now in
+\fB$daemon_directory\fR or \fB$meta_directory\fR so that they
+can be shared among multiple instances that run the same Postfix
+version.
+
+Use the command "\fBpostconf config_directory\fR" or
+"\fBpostconf daemon_directory\fR" to expand the names
+into their actual values.
+.na
+.nf
+
+$config_directory/main.cf, Postfix configuration parameters
+$config_directory/master.cf, Postfix daemon processes
+$daemon_directory/postfix\-script, administrative commands
+$daemon_directory/post\-install, post\-installation configuration
+$meta_directory/dynamicmaps.cf, plug\-in database clients
+$meta_directory/postfix\-files, file/directory permissions
+.SH "SEE ALSO"
+.na
+.nf
+Commands:
+postalias(1), create/update/query alias database
+postcat(1), examine Postfix queue file
+postconf(1), Postfix configuration utility
+postdrop(1), Postfix mail posting utility
+postfix(1), Postfix control program
+postfix\-tls(1), Postfix TLS management
+postkick(1), trigger Postfix daemon
+postlock(1), Postfix\-compatible locking
+postlog(1), Postfix\-compatible logging
+postmap(1), Postfix lookup table manager
+postmulti(1), Postfix multi\-instance manager
+postqueue(1), Postfix mail queue control
+postsuper(1), Postfix housekeeping
+mailq(1), Sendmail compatibility interface
+newaliases(1), Sendmail compatibility interface
+sendmail(1), Sendmail compatibility interface
+
+Postfix configuration:
+bounce(5), Postfix bounce message templates
+master(5), Postfix master.cf file syntax
+postconf(5), Postfix main.cf file syntax
+postfix\-wrapper(5), Postfix multi\-instance API
+
+Table\-driven mechanisms:
+access(5), Postfix SMTP access control table
+aliases(5), Postfix alias database
+canonical(5), Postfix input address rewriting
+generic(5), Postfix output address rewriting
+header_checks(5), body_checks(5), Postfix content inspection
+relocated(5), Users that have moved
+transport(5), Postfix routing table
+virtual(5), Postfix virtual aliasing
+
+Table lookup mechanisms:
+cidr_table(5), Associate CIDR pattern with value
+ldap_table(5), Postfix LDAP client
+lmdb_table(5), Postfix LMDB database driver
+memcache_table(5), Postfix memcache client
+mysql_table(5), Postfix MYSQL client
+nisplus_table(5), Postfix NIS+ client
+pcre_table(5), Associate PCRE pattern with value
+pgsql_table(5), Postfix PostgreSQL client
+regexp_table(5), Associate POSIX regexp pattern with value
+socketmap_table(5), Postfix socketmap client
+sqlite_table(5), Postfix SQLite database driver
+tcp_table(5), Postfix client\-server table lookup
+
+Daemon processes:
+anvil(8), Postfix connection/rate limiting
+bounce(8), defer(8), trace(8), Delivery status reports
+cleanup(8), canonicalize and enqueue message
+discard(8), Postfix discard delivery agent
+dnsblog(8), DNS allow/denylist logger
+error(8), Postfix error delivery agent
+flush(8), Postfix fast ETRN service
+local(8), Postfix local delivery agent
+master(8), Postfix master daemon
+oqmgr(8), old Postfix queue manager
+pickup(8), Postfix local mail pickup
+pipe(8), deliver mail to non\-Postfix command
+postlogd(8), Postfix internal logging service
+postscreen(8), Postfix zombie blocker
+proxymap(8), Postfix lookup table proxy server
+qmgr(8), Postfix queue manager
+qmqpd(8), Postfix QMQP server
+scache(8), Postfix connection cache manager
+showq(8), list Postfix mail queue
+smtp(8), lmtp(8), Postfix SMTP+LMTP client
+smtpd(8), Postfix SMTP server
+spawn(8), run non\-Postfix server
+tlsmgr(8), Postfix TLS cache and randomness manager
+tlsproxy(8), Postfix TLS proxy server
+trivial\-rewrite(8), Postfix address rewriting
+verify(8), Postfix address verification
+virtual(8), Postfix virtual delivery agent
+
+Other:
+syslogd(8), system logging
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+OVERVIEW, overview of Postfix commands and processes
+BASIC_CONFIGURATION_README, Postfix basic configuration
+ADDRESS_REWRITING_README, Postfix address rewriting
+SMTPD_ACCESS_README, SMTP relay/access control
+CONTENT_INSPECTION_README, Postfix content inspection
+QSHAPE_README, Postfix queue analysis
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
+
+TLS support by:
+Lutz Jaenicke
+Brandenburg University of Technology
+Cottbus, Germany
+
+Victor Duchovni
+Morgan Stanley
+
+SASL support originally by:
+Till Franke
+SuSE Rhein/Main AG
+65760 Eschborn, Germany
+
+LMTP support originally by:
+Philip A. Prindeville
+Mirapoint, Inc.
+USA.
+
+Amos Gouaux
+University of Texas at Dallas
+P.O. Box 830688, MC34
+Richardson, TX 75083, USA
+
+IPv6 support originally by:
+Mark Huizer, Eindhoven University, The Netherlands
+Jun\-ichiro 'itojun' Hagino, KAME project, Japan
+The Linux PLD project
+Dean Strik, Eindhoven University, The Netherlands
diff --git a/man/man1/postkick.1 b/man/man1/postkick.1
new file mode 100644
index 0000000..6cd0ef6
--- /dev/null
+++ b/man/man1/postkick.1
@@ -0,0 +1,102 @@
+.TH POSTKICK 1
+.ad
+.fi
+.SH NAME
+postkick
+\-
+kick a Postfix service
+.SH "SYNOPSIS"
+.na
+.nf
+.fi
+\fBpostkick\fR [\fB\-c \fIconfig_dir\fR] [\fB\-v\fR]
+\fIclass service request\fR
+.SH DESCRIPTION
+.ad
+.fi
+The \fBpostkick\fR(1) command sends \fIrequest\fR to the
+specified \fIservice\fR over a local transport channel.
+This command makes Postfix private IPC accessible
+for use in, for example, shell scripts.
+
+Options:
+.IP "\fB\-c\fR \fIconfig_dir\fR"
+Read the \fBmain.cf\fR configuration file in the named directory
+instead of the default configuration directory.
+.IP \fB\-v\fR
+Enable verbose logging for debugging purposes. Multiple \fB\-v\fR
+options make the software increasingly verbose.
+.PP
+Arguments:
+.IP \fIclass\fR
+Name of a class of local transport channel endpoints,
+either \fBpublic\fR (accessible by any local user) or
+\fBprivate\fR (administrative access only).
+.IP \fIservice\fR
+The name of a local transport endpoint within the named class.
+.IP \fIrequest\fR
+A string. The list of valid requests is service\-specific.
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems and transactions are logged to the standard error
+stream.
+.SH "ENVIRONMENT"
+.na
+.nf
+.ad
+.fi
+.IP \fBMAIL_CONFIG\fR
+Directory with Postfix configuration files.
+.IP \fBMAIL_VERBOSE\fR
+Enable verbose logging for debugging purposes.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+The following \fBmain.cf\fR parameters are especially relevant to
+this program.
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBapplication_event_drain_time (100s)\fR"
+How long the \fBpostkick\fR(1) command waits for a request to enter the
+Postfix daemon process input buffer before giving up.
+.IP "\fBimport_environment (see 'postconf -d' output)\fR"
+The list of environment parameters that a privileged Postfix
+process will import from a non\-Postfix parent process, or name=value
+environment overrides.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.SH "FILES"
+.na
+.nf
+/var/spool/postfix/private, private class endpoints
+/var/spool/postfix/public, public class endpoints
+.SH "SEE ALSO"
+.na
+.nf
+qmgr(8), queue manager trigger protocol
+pickup(8), local pickup daemon
+postconf(5), configuration parameters
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man1/postlock.1 b/man/man1/postlock.1
new file mode 100644
index 0000000..cd468e7
--- /dev/null
+++ b/man/man1/postlock.1
@@ -0,0 +1,126 @@
+.TH POSTLOCK 1
+.ad
+.fi
+.SH NAME
+postlock
+\-
+lock mail folder and execute command
+.SH "SYNOPSIS"
+.na
+.nf
+.fi
+\fBpostlock\fR [\fB\-c \fIconfig_dir\fR] [\fB\-l \fIlock_style\fR]
+ [\fB\-v\fR] \fIfile command...\fR
+.SH DESCRIPTION
+.ad
+.fi
+The \fBpostlock\fR(1) command locks \fIfile\fR for exclusive
+access, and executes \fIcommand\fR. The locking method is
+compatible with the Postfix UNIX\-style local delivery agent.
+
+Options:
+.IP "\fB\-c \fIconfig_dir\fR"
+Read the \fBmain.cf\fR configuration file in the named directory
+instead of the default configuration directory.
+.IP "\fB\-l \fIlock_style\fR"
+Override the locking method specified via the
+\fBmailbox_delivery_lock\fR configuration parameter (see below).
+.IP \fB\-v\fR
+Enable verbose logging for debugging purposes. Multiple \fB\-v\fR
+options make the software increasingly verbose.
+.PP
+Arguments:
+.IP \fIfile\fR
+A mailbox file. The user should have read/write permission.
+.IP \fIcommand...\fR
+The command to execute while \fIfile\fR is locked for exclusive
+access. The command is executed directly, i.e. without
+interpretation by a shell command interpreter.
+.SH DIAGNOSTICS
+.ad
+.fi
+The result status is 75 (EX_TEMPFAIL) when \fBpostlock\fR(1)
+could not perform the requested operation. Otherwise, the
+exit status is the exit status from the command.
+.SH BUGS
+.ad
+.fi
+With remote file systems, the ability to acquire a lock does not
+necessarily eliminate access conflicts. Avoid file access by
+processes running on different machines.
+.SH "ENVIRONMENT"
+.na
+.nf
+.ad
+.fi
+.IP \fBMAIL_CONFIG\fR
+Directory with Postfix configuration files.
+.IP \fBMAIL_VERBOSE\fR
+Enable verbose logging for debugging purposes.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+The following \fBmain.cf\fR parameters are especially relevant to
+this program.
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.SH "LOCKING CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBdeliver_lock_attempts (20)\fR"
+The maximal number of attempts to acquire an exclusive lock on a
+mailbox file or \fBbounce\fR(8) logfile.
+.IP "\fBdeliver_lock_delay (1s)\fR"
+The time between attempts to acquire an exclusive lock on a mailbox
+file or \fBbounce\fR(8) logfile.
+.IP "\fBstale_lock_time (500s)\fR"
+The time after which a stale exclusive mailbox lockfile is removed.
+.IP "\fBmailbox_delivery_lock (see 'postconf -d' output)\fR"
+How to lock a UNIX\-style \fBlocal\fR(8) mailbox before attempting delivery.
+.SH "RESOURCE AND RATE CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBfork_attempts (5)\fR"
+The maximal number of attempts to fork() a child process.
+.IP "\fBfork_delay (1s)\fR"
+The delay between attempts to fork() a child process.
+.SH "MISCELLANEOUS CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBimport_environment (see 'postconf -d' output)\fR"
+The list of environment parameters that a privileged Postfix
+process will import from a non\-Postfix parent process, or name=value
+environment overrides.
+.SH "SEE ALSO"
+.na
+.nf
+postconf(5), configuration parameters
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man1/postlog.1 b/man/man1/postlog.1
new file mode 100644
index 0000000..52bd815
--- /dev/null
+++ b/man/man1/postlog.1
@@ -0,0 +1,125 @@
+.TH POSTLOG 1
+.ad
+.fi
+.SH NAME
+postlog
+\-
+Postfix\-compatible logging utility
+.SH "SYNOPSIS"
+.na
+.nf
+.fi
+.ad
+\fBpostlog\fR [\fB\-iv\fR] [\fB\-c \fIconfig_dir\fR]
+[\fB\-p \fIpriority\fR] [\fB\-t \fItag\fR] [\fItext...\fR]
+.SH DESCRIPTION
+.ad
+.fi
+The \fBpostlog\fR(1) command implements a Postfix\-compatible logging
+interface for use in, for example, shell scripts.
+
+By default, \fBpostlog\fR(1) logs the \fItext\fR given on the command
+line as one record. If no \fItext\fR is specified on the command
+line, \fBpostlog\fR(1) reads from standard input and logs each input
+line as one record.
+
+By default, logging is sent to \fBsyslogd\fR(8) or
+\fBpostlogd\fR(8); when the
+standard error stream is connected to a terminal, logging
+is sent there as well.
+
+The following options are implemented:
+.IP "\fB\-c \fIconfig_dir\fR"
+Read the \fBmain.cf\fR configuration file in the named directory
+instead of the default configuration directory.
+.IP "\fB\-i\fR (obsolete)"
+Include the process ID in the logging tag. This flag is ignored as
+of Postfix 3.4, where the PID is always included.
+.IP "\fB\-p \fIpriority\fR (default: \fBinfo\fR)"
+Specifies the logging severity: \fBinfo\fR, \fBwarn\fR,
+\fBerror\fR, \fBfatal\fR, or \fBpanic\fR. With Postfix 3.1
+and later, the program will pause for 1 second after reporting
+a \fBfatal\fR or \fBpanic\fR condition, just like other
+Postfix programs.
+.IP "\fB\-t \fItag\fR"
+Specifies the logging tag, that is, the identifying name that
+appears at the beginning of each logging record. A default tag
+is used when none is specified.
+.IP \fB\-v\fR
+Enable verbose logging for debugging purposes. Multiple \fB\-v\fR
+options make the software increasingly verbose.
+.SH "SECURITY"
+.na
+.nf
+.ad
+.fi
+The \fBpostlog\fR(1) command is designed to run with
+set\-groupid privileges, so that it can connect to the
+\fBpostlogd\fR(8) daemon process (Postfix 3.7 and later;
+earlier implementations of this command must not have
+set\-groupid or set\-userid permissions).
+.SH "ENVIRONMENT"
+.na
+.nf
+.ad
+.fi
+.IP MAIL_CONFIG
+Directory with the \fBmain.cf\fR file.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+The following \fBmain.cf\fR parameters are especially relevant to
+this program.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBimport_environment (see 'postconf -d' output)\fR"
+The list of environment variables that a privileged Postfix
+process will import from a non\-Postfix parent process, or name=value
+environment overrides.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix 3.4 and later:
+.IP "\fBmaillog_file (empty)\fR"
+The name of an optional logfile that is written by the Postfix
+\fBpostlogd\fR(8) service.
+.IP "\fBpostlog_service_name (postlog)\fR"
+The name of the \fBpostlogd\fR(8) service entry in master.cf.
+.SH "SEE ALSO"
+.na
+.nf
+postconf(5), configuration parameters
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+The \fBpostlog\fR(1) command was introduced with Postfix
+version 3.4.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man1/postmap.1 b/man/man1/postmap.1
new file mode 100644
index 0000000..d2551e5
--- /dev/null
+++ b/man/man1/postmap.1
@@ -0,0 +1,343 @@
+.TH POSTMAP 1
+.ad
+.fi
+.SH NAME
+postmap
+\-
+Postfix lookup table management
+.SH "SYNOPSIS"
+.na
+.nf
+.fi
+\fBpostmap\fR [\fB\-bfFhimnNoprsuUvw\fR] [\fB\-c \fIconfig_dir\fR]
+[\fB\-d \fIkey\fR] [\fB\-q \fIkey\fR]
+ [\fIfile_type\fR:]\fIfile_name\fR ...
+.SH DESCRIPTION
+.ad
+.fi
+The \fBpostmap\fR(1) command creates or queries one or more Postfix
+lookup tables, or updates an existing one.
+
+If the result files do not exist they will be created with the
+same group and other read permissions as their source file.
+
+While the table update is in progress, signal delivery is
+postponed, and an exclusive, advisory, lock is placed on the
+entire table, in order to avoid surprises in spectator
+processes.
+.SH "INPUT FILE FORMAT"
+.na
+.nf
+.ad
+.fi
+The format of a lookup table input file is as follows:
+.IP \(bu
+A table entry has the form
+.sp
+.nf
+ \fIkey\fR whitespace \fIvalue\fR
+.fi
+.IP \(bu
+Empty lines and whitespace\-only lines are ignored, as
+are lines whose first non\-whitespace character is a `#'.
+.IP \(bu
+A logical line starts with non\-whitespace text. A line that
+starts with whitespace continues a logical line.
+.PP
+The \fIkey\fR and \fIvalue\fR are processed as is, except that
+surrounding white space is stripped off. Whitespace in lookup
+keys is supported in Postfix 3.2 and later, by surrounding the
+key with double quote characters `"'. Within the double quotes,
+double quote `"' and backslash `\\' characters can be included
+by quoting them with a preceding backslash.
+
+When the \fB\-F\fR option is given, the \fIvalue\fR must
+specify one or more filenames separated by comma and/or
+whitespace; \fBpostmap\fR(1) will concatenate the file
+content (with a newline character inserted between files)
+and will store the base64\-encoded result instead of the
+\fIvalue\fR.
+
+When the \fIkey\fR specifies email address information, the
+localpart should be enclosed with double quotes if required
+by RFC 5322. For example, an address localpart that contains
+";", or a localpart that starts or ends with ".".
+
+By default the lookup key is mapped to lowercase to make
+the lookups case insensitive; as of Postfix 2.3 this case
+folding happens only with tables whose lookup keys are
+fixed\-case strings such as btree:, dbm: or hash:. With
+earlier versions, the lookup key is folded even with tables
+where a lookup field can match both upper and lower case
+text, such as regexp: and pcre:. This resulted in loss of
+information with $\fInumber\fR substitutions.
+.SH "COMMAND-LINE ARGUMENTS"
+.na
+.nf
+.ad
+.fi
+.IP \fB\-b\fR
+Enable message body query mode. When reading lookup keys
+from standard input with "\fB\-q \-\fR", process the input
+as if it is an email message in RFC 5322 format. Each line
+of body content becomes one lookup key.
+.sp
+By default, the \fB\-b\fR option starts generating lookup
+keys at the first non\-header line, and stops when the end
+of the message is reached.
+To simulate \fBbody_checks\fR(5) processing, enable MIME
+parsing with \fB\-m\fR. With this, the \fB\-b\fR option
+generates no body\-style lookup keys for attachment MIME
+headers and for attached message/* headers.
+.sp
+NOTE: with "smtputf8_enable = yes", the \fB\-b\fR option
+disables UTF\-8 syntax checks on query keys and lookup
+results. Specify the \fB\-U\fR option to force UTF\-8
+syntax checks anyway.
+.sp
+This feature is available in Postfix version 2.6 and later.
+.IP "\fB\-c \fIconfig_dir\fR"
+Read the \fBmain.cf\fR configuration file in the named directory
+instead of the default configuration directory.
+.IP "\fB\-d \fIkey\fR"
+Search the specified maps for \fIkey\fR and remove one entry per map.
+The exit status is zero when the requested information was found.
+
+If a key value of \fB\-\fR is specified, the program reads key
+values from the standard input stream. The exit status is zero
+when at least one of the requested keys was found.
+.IP \fB\-f\fR
+Do not fold the lookup key to lower case while creating or querying
+a table.
+
+With Postfix version 2.3 and later, this option has no
+effect for regular expression tables. There, case folding
+is controlled by appending a flag to a pattern.
+.IP \fB\-F\fR
+When querying a map, or listing a map, base64\-decode each
+value. When creating a map from source file, process each
+value as a list of filenames, concatenate the content of
+those files, and store the base64\-encoded result instead
+of the value (see INPUT FILE FORMAT for details).
+.sp
+This feature is available in Postfix version 3.4 and later.
+.IP \fB\-h\fR
+Enable message header query mode. When reading lookup keys
+from standard input with "\fB\-q \-\fR", process the input
+as if it is an email message in RFC 5322 format. Each
+logical header line becomes one lookup key. A multi\-line
+header becomes one lookup key with one or more embedded
+newline characters.
+.sp
+By default, the \fB\-h\fR option generates lookup keys until
+the first non\-header line is reached.
+To simulate \fBheader_checks\fR(5) processing, enable MIME
+parsing with \fB\-m\fR. With this, the \fB\-h\fR option also
+generates header\-style lookup keys for attachment MIME
+headers and for attached message/* headers.
+.sp
+NOTE: with "smtputf8_enable = yes", the \fB\-b\fR option
+option disables UTF\-8 syntax checks on query keys and
+lookup results. Specify the \fB\-U\fR option to force UTF\-8
+syntax checks anyway.
+.sp
+This feature is available in Postfix version 2.6 and later.
+.IP \fB\-i\fR
+Incremental mode. Read entries from standard input and do not
+truncate an existing database. By default, \fBpostmap\fR(1) creates
+a new database from the entries in \fBfile_name\fR.
+.IP \fB\-m\fR
+Enable MIME parsing with "\fB\-b\fR" and "\fB\-h\fR".
+.sp
+This feature is available in Postfix version 2.6 and later.
+.IP \fB\-N\fR
+Include the terminating null character that terminates lookup keys
+and values. By default, \fBpostmap\fR(1) does whatever is
+the default for
+the host operating system.
+.IP \fB\-n\fR
+Don't include the terminating null character that terminates lookup
+keys and values. By default, \fBpostmap\fR(1) does whatever
+is the default for
+the host operating system.
+.IP \fB\-o\fR
+Do not release root privileges when processing a non\-root
+input file. By default, \fBpostmap\fR(1) drops root privileges
+and runs as the source file owner instead.
+.IP \fB\-p\fR
+Do not inherit the file access permissions from the input file
+when creating a new file. Instead, create a new file with default
+access permissions (mode 0644).
+.IP "\fB\-q \fIkey\fR"
+Search the specified maps for \fIkey\fR and write the first value
+found to the standard output stream. The exit status is zero
+when the requested information was found.
+
+Note: this performs a single query with the key as specified,
+and does not make iterative queries with substrings of the
+key as described for access(5), canonical(5), transport(5),
+virtual(5) and other Postfix table\-driven features.
+
+If a key value of \fB\-\fR is specified, the program reads key
+values from the standard input stream and writes one line of
+\fIkey value\fR output for each key that was found. The exit
+status is zero when at least one of the requested keys was found.
+.IP \fB\-r\fR
+When updating a table, do not complain about attempts to update
+existing entries, and make those updates anyway.
+.IP \fB\-s\fR
+Retrieve all database elements, and write one line of
+\fIkey value\fR output for each element. The elements are
+printed in database order, which is not necessarily the same
+as the original input order.
+.sp
+This feature is available in Postfix version 2.2 and later,
+and is not available for all database types.
+.IP \fB\-u\fR
+Disable UTF\-8 support. UTF\-8 support is enabled by default
+when "smtputf8_enable = yes". It requires that keys and
+values are valid UTF\-8 strings.
+.IP \fB\-U\fR
+With "smtputf8_enable = yes", force UTF\-8 syntax checks
+with the \fB\-b\fR and \fB\-h\fR options.
+.IP \fB\-v\fR
+Enable verbose logging for debugging purposes. Multiple \fB\-v\fR
+options make the software increasingly verbose.
+.IP \fB\-w\fR
+When updating a table, do not complain about attempts to update
+existing entries, and ignore those attempts.
+.PP
+Arguments:
+.IP \fIfile_type\fR
+The database type. To find out what types are supported, use
+the "\fBpostconf \-m\fR" command.
+
+The \fBpostmap\fR(1) command can query any supported file type,
+but it can create only the following file types:
+.RS
+.IP \fBbtree\fR
+The output file is a btree file, named \fIfile_name\fB.db\fR.
+This is available on systems with support for \fBdb\fR databases.
+.IP \fBcdb\fR
+The output consists of one file, named \fIfile_name\fB.cdb\fR.
+This is available on systems with support for \fBcdb\fR databases.
+.IP \fBdbm\fR
+The output consists of two files, named \fIfile_name\fB.pag\fR and
+\fIfile_name\fB.dir\fR.
+This is available on systems with support for \fBdbm\fR databases.
+.IP \fBfail\fR
+A table that reliably fails all requests. The lookup table
+name is used for logging only. This table exists to simplify
+Postfix error tests.
+.IP \fBhash\fR
+The output file is a hashed file, named \fIfile_name\fB.db\fR.
+This is available on systems with support for \fBdb\fR databases.
+.IP \fBlmdb\fR
+The output is a btree\-based file, named \fIfile_name\fB.lmdb\fR.
+\fBlmdb\fR supports concurrent writes and reads from different
+processes, unlike other supported file\-based tables.
+This is available on systems with support for \fBlmdb\fR databases.
+.IP \fBsdbm\fR
+The output consists of two files, named \fIfile_name\fB.pag\fR and
+\fIfile_name\fB.dir\fR.
+This is available on systems with support for \fBsdbm\fR databases.
+.PP
+When no \fIfile_type\fR is specified, the software uses the database
+type specified via the \fBdefault_database_type\fR configuration
+parameter.
+.RE
+.IP \fIfile_name\fR
+The name of the lookup table source file when rebuilding a database.
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems are logged to the standard error stream and to
+\fBsyslogd\fR(8) or \fBpostlogd\fR(8).
+No output means that no problems were detected. Duplicate entries are
+skipped and are flagged with a warning.
+
+\fBpostmap\fR(1) terminates with zero exit status in case of success
+(including successful "\fBpostmap \-q\fR" lookup) and terminates
+with non\-zero exit status in case of failure.
+.SH "ENVIRONMENT"
+.na
+.nf
+.ad
+.fi
+.IP \fBMAIL_CONFIG\fR
+Directory with Postfix configuration files.
+.IP \fBMAIL_VERBOSE\fR
+Enable verbose logging for debugging purposes.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+The following \fBmain.cf\fR parameters are especially relevant to
+this program.
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.IP "\fBberkeley_db_create_buffer_size (16777216)\fR"
+The per\-table I/O buffer size for programs that create Berkeley DB
+hash or btree tables.
+.IP "\fBberkeley_db_read_buffer_size (131072)\fR"
+The per\-table I/O buffer size for programs that read Berkeley DB
+hash or btree tables.
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdefault_database_type (see 'postconf -d' output)\fR"
+The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1)
+and \fBpostmap\fR(1) commands.
+.IP "\fBimport_environment (see 'postconf -d' output)\fR"
+The list of environment variables that a privileged Postfix
+process will import from a non\-Postfix parent process, or name=value
+environment overrides.
+.IP "\fBsmtputf8_enable (yes)\fR"
+Enable preliminary SMTPUTF8 support for the protocols described
+in RFC 6531, RFC 6532, and RFC 6533.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix 2.11 and later:
+.IP "\fBlmdb_map_size (16777216)\fR"
+The initial OpenLDAP LMDB database size limit in bytes.
+.SH "SEE ALSO"
+.na
+.nf
+postalias(1), create/update/query alias database
+postconf(1), supported database types
+postconf(5), configuration parameters
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+DATABASE_README, Postfix lookup table overview
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man1/postmulti.1 b/man/man1/postmulti.1
new file mode 100644
index 0000000..6db035e
--- /dev/null
+++ b/man/man1/postmulti.1
@@ -0,0 +1,434 @@
+.TH POSTMULTI 1
+.ad
+.fi
+.SH NAME
+postmulti
+\-
+Postfix multi\-instance manager
+.SH "SYNOPSIS"
+.na
+.nf
+.fi
+.ti -4
+\fBEnabling multi\-instance management:\fR
+
+\fBpostmulti\fR \fB\-e init\fR [\fB\-v\fR]
+
+.ti -4
+\fBIterator mode:\fR
+
+\fBpostmulti\fR \fB\-l\fR [\fB\-aRv\fR] [\fB\-g \fIgroup\fR]
+[\fB\-i \fIname\fR]
+
+\fBpostmulti\fR \fB\-p\fR [\fB\-av\fR] [\fB\-g \fIgroup\fR]
+[\fB\-i \fIname\fR] \fIpostfix\-command...\fR
+
+\fBpostmulti\fR \fB\-x\fR [\fB\-aRv\fR] [\fB\-g \fIgroup\fR]
+[\fB\-i \fIname\fR] \fIunix\-command...\fR
+
+.ti -4
+\fBLife\-cycle management:\fR
+
+\fBpostmulti\fR \fB\-e create\fR [\fB\-av\fR]
+[\fB\-g \fIgroup\fR] [\fB\-i \fIname\fR] [\fB\-G \fIgroup\fR]
+[\fB\-I \fIname\fR] [\fIparam=value\fR ...]
+
+\fBpostmulti\fR \fB\-e import\fR [\fB\-av\fR]
+[\fB\-g \fIgroup\fR] [\fB\-i \fIname\fR] [\fB\-G \fIgroup\fR]
+[\fB\-I \fIname\fR] [\fBconfig_directory=\fI/path\fR]
+
+\fBpostmulti\fR \fB\-e destroy\fR [\fB\-v\fR] \fB\-i \fIname\fR
+
+\fBpostmulti\fR \fB\-e deport\fR [\fB\-v\fR] \fB\-i \fIname\fR
+
+\fBpostmulti\fR \fB\-e enable\fR [\fB\-v\fR] \fB\-i \fIname\fR
+
+\fBpostmulti\fR \fB\-e disable\fR [\fB\-v\fR] \fB\-i \fIname\fR
+
+\fBpostmulti\fR \fB\-e assign\fR [\fB\-v\fR] \fB\-i \fIname\fR
+[\fB\-I \fIname\fR] [\-G \fIgroup\fR]
+.SH DESCRIPTION
+.ad
+.fi
+The \fBpostmulti\fR(1) command allows a Postfix administrator
+to manage multiple Postfix instances on a single host.
+
+\fBpostmulti\fR(1) implements two fundamental modes of
+operation. In \fBiterator\fR mode, it executes the same
+command for multiple Postfix instances. In \fBlife\-cycle
+management\fR mode, it adds or deletes one instance, or
+changes the multi\-instance status of one instance.
+
+Each mode of operation has its own command syntax. For this
+reason, each mode is documented in separate sections below.
+.SH "BACKGROUND"
+.na
+.nf
+.ad
+.fi
+A multi\-instance configuration consists of one primary
+Postfix instance, and one or more secondary instances whose
+configuration directory pathnames are recorded in the primary
+instance's main.cf file. Postfix instances share program
+files and documentation, but have their own configuration,
+queue and data directories.
+
+Currently, only the default Postfix instance can be used
+as primary instance in a multi\-instance configuration. The
+\fBpostmulti\fR(1) command does not currently support a \fB\-c\fR
+option to select an alternative primary instance, and exits
+with a fatal error if the \fBMAIL_CONFIG\fR environment
+variable is set to a non\-default configuration directory.
+
+See the MULTI_INSTANCE_README tutorial for a more detailed
+discussion of multi\-instance management with \fBpostmulti\fR(1).
+.SH "ITERATOR MODE"
+.na
+.nf
+.ad
+.fi
+In iterator mode, \fBpostmulti\fR performs the same operation
+on all Postfix instances in turn.
+
+If multi\-instance support is not enabled, the requested
+command is performed just for the primary instance.
+.PP
+Iterator mode implements the following command options:
+.SH "Instance selection"
+.IP \fB\-a\fR
+Perform the operation on all instances. This is the default.
+.IP "\fB\-g \fIgroup\fR"
+Perform the operation only for members of the named \fIgroup\fR.
+.IP "\fB\-i \fIname\fR"
+Perform the operation only for the instance with the specified
+\fIname\fR. You can specify either the instance name
+or the absolute pathname of the instance's configuration
+directory. Specify "\-" to select the primary Postfix instance.
+.IP \fB\-R\fR
+Reverse the iteration order. This may be appropriate when
+updating a multi\-instance system, where "sink" instances
+are started before "source" instances.
+.sp
+This option cannot be used with \fB\-p\fR.
+.SH "List mode"
+.IP \fB\-l\fR
+List Postfix instances with their instance name, instance
+group name, enable/disable status and configuration directory.
+.SH "Postfix\-wrapper mode"
+.IP "\fB\-p \fIpostfix\-command\fR"
+Invoke \fBpostfix(1)\fR to execute \fIpostfix\-command\fR.
+This option implements the \fBpostfix\-wrapper\fR(5) interface.
+.RS
+.IP \(bu
+With "start"\-like commands, "postfix check" is executed for
+instances that are not enabled. The full list of commands
+is specified with the postmulti_start_commands parameter.
+.IP \(bu
+With "stop"\-like commands, the iteration order is reversed,
+and disabled instances are skipped. The full list of commands
+is specified with the postmulti_stop_commands parameter.
+.IP \(bu
+With "reload" and other commands that require a started
+instance, disabled instances are skipped. The full list of
+commands is specified with the postmulti_control_commands
+parameter.
+.IP \(bu
+With "status" and other commands that don't require a started
+instance, the command is executed for all instances.
+.RE
+.IP
+The \fB\-p\fR option can also be used interactively to
+start/stop/etc. a named instance or instance group. For
+example, to start just the instances in the group "msa",
+invoke \fBpostmulti\fR(1) as follows:
+.RS
+.IP
+# postmulti \-g msa \-p start
+.RE
+.SH "Command mode"
+.IP "\fB\-x \fIunix\-command\fR"
+Execute the specified \fIunix\-command\fR for all Postfix instances.
+The command runs with appropriate environment settings for
+MAIL_CONFIG, command_directory, daemon_directory,
+config_directory, queue_directory, data_directory,
+multi_instance_name, multi_instance_group and
+multi_instance_enable.
+.SH "Other options"
+.IP \fB\-v\fR
+Enable verbose logging for debugging purposes. Multiple
+\fB\-v\fR options make the software increasingly verbose.
+.SH "LIFE-CYCLE MANAGEMENT MODE"
+.na
+.nf
+.ad
+.fi
+With the \fB\-e\fR option \fBpostmulti\fR(1) can be used to
+add or delete a Postfix instance, and to manage the
+multi\-instance status of an existing instance.
+.PP
+The following options are implemented:
+.SH "Existing instance selection"
+.IP \fB\-a\fR
+When creating or importing an instance, place the new
+instance at the front of the secondary instance list.
+.IP "\fB\-g \fIgroup\fR"
+When creating or importing an instance, place the new
+instance before the first secondary instance that is a
+member of the specified group.
+.IP "\fB\-i \fIname\fR"
+When creating or importing an instance, place the new
+instance before the matching secondary instance.
+.sp
+With other life\-cycle operations, apply the operation to
+the named existing instance. Specify "\-" to select the
+primary Postfix instance.
+.SH "New or existing instance name assignment"
+.IP "\fB\-I \fIname\fR"
+Assign the specified instance \fIname\fR to an existing
+instance, newly\-created instance, or imported instance.
+Instance
+names other than "\-" (which makes the instance "nameless")
+must start with "postfix\-". This restriction reduces the
+likelihood of name collisions with system files.
+.IP "\fB\-G \fIgroup\fR"
+Assign the specified \fIgroup\fR name to an existing instance
+or to a newly created or imported instance.
+.SH "Instance creation/deletion/status change"
+.IP "\fB\-e \fIaction\fR"
+"Edit" managed instances. The following actions are supported:
+.RS
+.IP \fBinit\fR
+This command is required before \fBpostmulti\fR(1) can be
+used to manage Postfix instances. The "postmulti \-e init"
+command updates the primary instance's main.cf file by
+setting:
+.RS
+.IP
+.nf
+multi_instance_wrapper =
+ ${command_directory}/postmulti \-p \-\-
+multi_instance_enable = yes
+.fi
+.RE
+.IP
+You can set these by other means if you prefer.
+.IP \fBcreate\fR
+Create a new Postfix instance and add it to the
+multi_instance_directories parameter of the primary instance.
+The "\fB\-I \fIname\fR" option is recommended to give the
+instance a short name that is used to construct default
+values for the private directories of the new instance. The
+"\fB\-G \fIgroup\fR" option may be specified to assign the
+instance to a group, otherwise, the new instance is not a
+member of any group.
+.sp
+The new instance main.cf is the stock main.cf with the
+parameters that specify the locations of shared files cloned
+from the primary instance. For "nameless" instances, you
+should manually adjust "syslog_name" to yield a unique
+"logtag" starting with "postfix\-" that will uniquely identify
+the instance in the mail logs. It is simpler to assign the
+instance a short name with the "\fB\-I \fIname\fR" option.
+.sp
+Optional "name=value" arguments specify the instance
+config_directory, queue_directory and data_directory.
+For example:
+.RS
+.IP
+.nf
+# postmulti \-I postfix\-mumble \e
+ \-G mygroup \-e create \e
+ config_directory=/my/config/dir \e
+ queue_directory=/my/queue/dir \e
+ data_directory=/my/data/dir
+.fi
+.RE
+.IP
+If any of these pathnames is not supplied, the program
+attempts to generate the missing pathname(s) by taking the
+corresponding primary instance pathname, and replacing the
+last pathname component by the value of the \fB\-I\fR option.
+.sp
+If the instance configuration directory already exists, and
+contains both a main.cf and master.cf file, \fBcreate\fR
+will "import" the instance as\-is. For existing instances,
+\fBcreate\fR and \fBimport\fR are identical.
+.IP \fBimport\fR
+Import an existing instance into the list of instances
+managed by the \fBpostmulti\fR(1) multi\-instance manager.
+This adds the instance to the multi_instance_directories
+list of the primary instance. If the "\fB\-I \fIname\fR"
+option is provided it specifies the new name for the instance
+and is used to define a default location for the instance
+configuration directory (as with \fBcreate\fR above). The
+"\fB\-G \fIgroup\fR" option may be used to assign the instance
+to a group. Add a "\fBconfig_directory=\fI/path\fR" argument
+to override a default pathname based on "\fB\-I \fIname\fR".
+.IP \fBdestroy\fR
+Destroy a secondary Postfix instance. To be a candidate for
+destruction an instance must be disabled, stopped and its
+queue must not contain any messages. Attempts to destroy
+the primary Postfix instance trigger a fatal error, without
+destroying the instance.
+.sp
+The instance is removed from the primary instance main.cf
+file's alternate_config_directories parameter and its data,
+queue and configuration directories are cleaned of files
+and directories created by the Postfix system. The main.cf
+and master.cf files are removed from the configuration
+directory even if they have been modified since initial
+creation. Finally, the instance is "deported" from the list
+of managed instances.
+.sp
+If other files are present in instance private directories,
+the directories may not be fully removed, a warning is
+logged to alert the administrator. It is expected that an
+instance built using "fresh" directories via the \fBcreate\fR
+action will be fully removed by the \fBdestroy\fR action
+(if first disabled). If the instance configuration and queue
+directories are populated with additional files (access and
+rewriting tables, chroot jail content, etc.) the instance
+directories will not be fully removed.
+.sp
+The \fBdestroy\fR action triggers potentially dangerous
+file removal operations. Make sure the instance's data,
+queue and configuration directories are set correctly and
+do not contain any valuable files.
+.IP \fBdeport\fR
+Deport a secondary instance from the list of managed
+instances. This deletes the instance configuration directory
+from the primary instance's multi_instance_directories list,
+but does not remove any files or directories.
+.IP \fBassign\fR
+Assign a new instance name or a new group name to the
+selected instance. Use "\fB\-G \-\fR" to specify "no group"
+and "\fB\-I \-\fR" to specify "no name". If you choose to
+make an instance "nameless", set a suitable syslog_name in
+the corresponding main.cf file.
+.IP \fBenable\fR
+Mark the selected instance as enabled. This just sets the
+multi_instance_enable parameter to "yes" in the instance's
+main.cf file.
+.IP \fBdisable\fR
+Mark the selected instance as disabled. This means that
+the instance will not be started etc. with "postfix start",
+"postmulti \-p start" and so on. The instance can still be
+started etc. with "postfix \-c config\-directory start".
+.SH "Other options"
+.IP \fB\-v\fR
+Enable verbose logging for debugging purposes. Multiple
+\fB\-v\fR options make the software increasingly verbose.
+.RE
+.SH "ENVIRONMENT"
+.na
+.nf
+.ad
+.fi
+The \fBpostmulti\fR(1) command exports the following environment
+variables before executing the requested \fIcommand\fR for a given
+instance:
+.IP \fBMAIL_VERBOSE\fR
+This is set when the \-v command\-line option is present.
+.IP \fBMAIL_CONFIG\fR
+The location of the configuration directory of the instance.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdaemon_directory (see 'postconf -d' output)\fR"
+The directory with Postfix support programs and daemon programs.
+.IP "\fBimport_environment (see 'postconf -d' output)\fR"
+The list of environment variables that a privileged Postfix
+process will import from a non\-Postfix parent process, or name=value
+environment overrides.
+.IP "\fBmulti_instance_directories (empty)\fR"
+An optional list of non\-default Postfix configuration directories;
+these directories belong to additional Postfix instances that share
+the Postfix executable files and documentation with the default
+Postfix instance, and that are started, stopped, etc., together
+with the default Postfix instance.
+.IP "\fBmulti_instance_group (empty)\fR"
+The optional instance group name of this Postfix instance.
+.IP "\fBmulti_instance_name (empty)\fR"
+The optional instance name of this Postfix instance.
+.IP "\fBmulti_instance_enable (no)\fR"
+Allow this Postfix instance to be started, stopped, etc., by a
+multi\-instance manager.
+.IP "\fBpostmulti_start_commands (start)\fR"
+The \fBpostfix\fR(1) commands that the \fBpostmulti\fR(1) instance manager treats
+as "start" commands.
+.IP "\fBpostmulti_stop_commands (see 'postconf -d' output)\fR"
+The \fBpostfix\fR(1) commands that the \fBpostmulti\fR(1) instance manager treats
+as "stop" commands.
+.IP "\fBpostmulti_control_commands (reload flush)\fR"
+The \fBpostfix\fR(1) commands that the \fBpostmulti\fR(1) instance manager
+treats as "control" commands, that operate on running instances.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix 3.0 and later:
+.IP "\fBmeta_directory (see 'postconf -d' output)\fR"
+The location of non\-executable files that are shared among
+multiple Postfix instances, such as postfix\-files, dynamicmaps.cf,
+and the multi\-instance template files main.cf.proto and master.cf.proto.
+.IP "\fBshlib_directory (see 'postconf -d' output)\fR"
+The location of Postfix dynamically\-linked libraries
+(libpostfix\-*.so), and the default location of Postfix database
+plugins (postfix\-*.so) that have a relative pathname in the
+dynamicmaps.cf file.
+.SH "FILES"
+.na
+.nf
+$meta_directory/main.cf.proto, stock configuration file
+$meta_directory/master.cf.proto, stock configuration file
+$daemon_directory/postmulti\-script, life\-cycle helper program
+.SH "SEE ALSO"
+.na
+.nf
+postfix(1), Postfix control program
+postfix\-wrapper(5), Postfix multi\-instance API
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or "\fBpostconf
+html_directory\fR" to locate this information.
+.nf
+.na
+MULTI_INSTANCE_README, Postfix multi\-instance management
+.SH HISTORY
+.ad
+.fi
+.ad
+.fi
+The \fBpostmulti\fR(1) command was introduced with Postfix
+version 2.6.
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Victor Duchovni
+Morgan Stanley
+
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man1/postqueue.1 b/man/man1/postqueue.1
new file mode 100644
index 0000000..d042a34
--- /dev/null
+++ b/man/man1/postqueue.1
@@ -0,0 +1,269 @@
+.TH POSTQUEUE 1
+.ad
+.fi
+.SH NAME
+postqueue
+\-
+Postfix queue control
+.SH "SYNOPSIS"
+.na
+.nf
+.ti -4
+\fBTo flush the mail queue\fR:
+
+\fBpostqueue\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] \fB\-f\fR
+
+\fBpostqueue\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] \fB\-i \fIqueue_id\fR
+
+\fBpostqueue\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] \fB\-s \fIsite\fR
+
+.ti -4
+\fBTo list the mail queue\fR:
+
+\fBpostqueue\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] \fB\-j\fR
+
+\fBpostqueue\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] \fB\-p\fR
+.SH DESCRIPTION
+.ad
+.fi
+The \fBpostqueue\fR(1) command implements the Postfix user interface
+for queue management. It implements operations that are
+traditionally available via the \fBsendmail\fR(1) command.
+See the \fBpostsuper\fR(1) command for queue operations
+that require super\-user privileges such as deleting a message
+from the queue or changing the status of a message.
+
+The following options are recognized:
+.IP "\fB\-c \fIconfig_dir\fR"
+The \fBmain.cf\fR configuration file is in the named directory
+instead of the default configuration directory. See also the
+MAIL_CONFIG environment setting below.
+.IP \fB\-f\fR
+Flush the queue: attempt to deliver all queued mail.
+
+This option implements the traditional "\fBsendmail \-q\fR" command,
+by contacting the Postfix \fBqmgr\fR(8) daemon.
+
+Warning: flushing undeliverable mail frequently will result in
+poor delivery performance of all other mail.
+.IP "\fB\-i \fIqueue_id\fR"
+Schedule immediate delivery of deferred mail with the
+specified queue ID.
+
+This option implements the traditional \fBsendmail \-qI\fR
+command, by contacting the \fBflush\fR(8) server.
+
+This feature is available with Postfix version 2.4 and later.
+.IP "\fB\-j\fR"
+Produce a queue listing in JSON LINES format, based on
+output from the showq(8) daemon. See "\fBJSON OBJECT
+FORMAT\fR" below for details.
+
+This feature is available in Postfix 3.1 and later.
+.IP \fB\-p\fR
+Produce a traditional sendmail\-style queue listing.
+This option implements the traditional \fBmailq\fR command,
+by contacting the Postfix \fBshowq\fR(8) daemon.
+
+Each queue entry shows the queue file ID, message
+size, arrival time, sender, and the recipients that still need to
+be delivered. If mail could not be delivered upon the last attempt,
+the reason for failure is shown. The queue ID string
+is followed by an optional status character:
+.RS
+.IP \fB*\fR
+The message is in the \fBactive\fR queue, i.e. the message is
+selected for delivery.
+.IP \fB!\fR
+The message is in the \fBhold\fR queue, i.e. no further delivery
+attempt will be made until the mail is taken off hold.
+.IP \fB#\fR
+The message is forced to expire. See the \fBpostsuper\fR(1)
+options \fB\-e\fR or \fB\-f\fR.
+.sp
+This feature is available in Postfix 3.5 and later.
+.RE
+.IP "\fB\-s \fIsite\fR"
+Schedule immediate delivery of all mail that is queued for the named
+\fIsite\fR. A numerical site must be specified as a valid RFC 5321
+address literal enclosed in [], just like in email addresses.
+The site must be eligible for the "fast flush" service.
+See \fBflush\fR(8) for more information about the "fast flush"
+service.
+
+This option implements the traditional "\fBsendmail \-qR\fIsite\fR"
+command, by contacting the Postfix \fBflush\fR(8) daemon.
+.IP \fB\-v\fR
+Enable verbose logging for debugging purposes. Multiple \fB\-v\fR
+options make the software increasingly verbose. As of Postfix 2.3,
+this option is available for the super\-user only.
+.SH "JSON OBJECT FORMAT"
+.na
+.nf
+.ad
+.fi
+Each JSON object represents one queue file; it is emitted
+as a single text line followed by a newline character.
+
+Object members have string values unless indicated otherwise.
+Programs should ignore object members that are not listed
+here; the list of members is expected to grow over time.
+.IP \fBqueue_name\fR
+The name of the queue where the message was found. Note
+that the contents of the mail queue may change while it is
+being listed; some messages may appear more than once, and
+some messages may be missed.
+.IP \fBqueue_id\fR
+The queue file name. The queue_id may be reused within a
+Postfix instance unless "enable_long_queue_ids = true" and
+time is monotonic. Even then, the queue_id is not expected
+to be unique between different Postfix instances. Management
+tools that require a unique name should combine the queue_id
+with the myhostname setting of the Postfix instance.
+.IP \fBarrival_time\fR
+The number of seconds since the start of the UNIX epoch.
+.IP \fBmessage_size\fR
+The number of bytes in the message header and body. This
+number does not include message envelope information. It
+is approximately equal to the number of bytes that would
+be transmitted via SMTP including the <CR><LF> line endings.
+.IP \fBforced_expire\fR
+The message is forced to expire (\fBtrue\fR or \fBfalse\fR).
+See the \fBpostsuper\fR(1) options \fB\-e\fR or \fB\-f\fR.
+.sp
+This feature is available in Postfix 3.5 and later.
+.IP \fBsender\fR
+The envelope sender address.
+.IP \fBrecipients\fR
+An array containing zero or more objects with members:
+.RS
+.IP \fBaddress\fR
+One recipient address.
+.IP \fBdelay_reason\fR
+If present, the reason for delayed delivery. Delayed
+recipients may have no delay reason, for example, while
+delivery is in progress, or after the system was stopped
+before it could record the reason.
+.RE
+.SH "SECURITY"
+.na
+.nf
+.ad
+.fi
+This program is designed to run with set\-group ID privileges, so
+that it can connect to Postfix daemon processes.
+.SH "STANDARDS"
+.na
+.nf
+RFC 7159 (JSON notation)
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8),
+and to the standard error stream.
+.SH "ENVIRONMENT"
+.na
+.nf
+.ad
+.fi
+.IP MAIL_CONFIG
+Directory with the \fBmain.cf\fR file. In order to avoid exploitation
+of set\-group ID privileges, a non\-standard directory is allowed only
+if:
+.RS
+.IP \(bu
+The name is listed in the standard \fBmain.cf\fR file with the
+\fBalternate_config_directories\fR configuration parameter.
+.IP \(bu
+The command is invoked by the super\-user.
+.RE
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+The following \fBmain.cf\fR parameters are especially relevant to
+this program.
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.IP "\fBalternate_config_directories (empty)\fR"
+A list of non\-default Postfix configuration directories that may
+be specified with "\-c config_directory" on the command line (in the
+case of \fBsendmail\fR(1), with the "\-C" option), or via the MAIL_CONFIG
+environment parameter.
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBcommand_directory (see 'postconf -d' output)\fR"
+The location of all postfix administrative commands.
+.IP "\fBfast_flush_domains ($relay_domains)\fR"
+Optional list of destinations that are eligible for per\-destination
+logfiles with mail that is queued to those destinations.
+.IP "\fBimport_environment (see 'postconf -d' output)\fR"
+The list of environment variables that a privileged Postfix
+process will import from a non\-Postfix parent process, or name=value
+environment overrides.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.IP "\fBtrigger_timeout (10s)\fR"
+The time limit for sending a trigger to a Postfix daemon (for
+example, the \fBpickup\fR(8) or \fBqmgr\fR(8) daemon).
+.PP
+Available in Postfix version 2.2 and later:
+.IP "\fBauthorized_flush_users (static:anyone)\fR"
+List of users who are authorized to flush the queue.
+.IP "\fBauthorized_mailq_users (static:anyone)\fR"
+List of users who are authorized to view the queue.
+.SH "FILES"
+.na
+.nf
+/var/spool/postfix, mail queue
+.SH "SEE ALSO"
+.na
+.nf
+qmgr(8), queue manager
+showq(8), list mail queue
+flush(8), fast flush service
+sendmail(1), Sendmail\-compatible user interface
+postsuper(1), privileged queue operations
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+ETRN_README, Postfix ETRN howto
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+.ad
+.fi
+The postqueue command was introduced with Postfix version 1.1.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man1/postsuper.1 b/man/man1/postsuper.1
new file mode 100644
index 0000000..885330f
--- /dev/null
+++ b/man/man1/postsuper.1
@@ -0,0 +1,343 @@
+.TH POSTSUPER 1
+.ad
+.fi
+.SH NAME
+postsuper
+\-
+Postfix superintendent
+.SH "SYNOPSIS"
+.na
+.nf
+.fi
+\fBpostsuper\fR [\fB\-psSv\fR]
+ [\fB\-c \fIconfig_dir\fR] [\fB\-d \fIqueue_id\fR]
+ [\fB\-e \fIqueue_id\fR] [\fB\-f \fIqueue_id\fR]
+ [\fB\-h \fIqueue_id\fR] [\fB\-H \fIqueue_id\fR]
+ [\fB\-r \fIqueue_id\fR] [\fIdirectory ...\fR]
+.SH DESCRIPTION
+.ad
+.fi
+The \fBpostsuper\fR(1) command does maintenance jobs on the Postfix
+queue. Use of the command is restricted to the superuser.
+See the \fBpostqueue\fR(1) command for unprivileged queue operations
+such as listing or flushing the mail queue.
+
+By default, \fBpostsuper\fR(1) performs the operations
+requested with the
+\fB\-s\fR and \fB\-p\fR command\-line options on all Postfix queue
+directories \- this includes the \fBincoming\fR, \fBactive\fR,
+\fBdeferred\fR, and \fBhold\fR directories with message
+files and the \fBbounce\fR,
+\fBdefer\fR, \fBtrace\fR and \fBflush\fR directories with log files.
+
+Options:
+.IP "\fB\-c \fIconfig_dir\fR"
+The \fBmain.cf\fR configuration file is in the named directory
+instead of the default configuration directory. See also the
+MAIL_CONFIG environment setting below.
+.IP "\fB\-d \fIqueue_id\fR"
+Delete one message with the named queue ID from the named
+mail queue(s) (default: \fBhold\fR, \fBincoming\fR, \fBactive\fR and
+\fBdeferred\fR).
+
+To delete multiple files, specify the \fB\-d\fR option multiple
+times, or specify a \fIqueue_id\fR of \fB\-\fR to read queue IDs
+from standard input. For example, to delete all mail
+with exactly one recipient \fBuser@example.com\fR:
+.sp
+.nf
+postqueue \-j | jq -r '
+ # See JSON OBJECT FORMAT section in the postqueue(1) manpage
+ select(.recipients[0].address == "user@example.com")
+ | select(.recipients[1].address == null)
+ | .queue_id
+ ' | postsuper \-d \-
+.fi
+.sp
+(note the "jq -r" option), or the historical form:
+.sp
+.nf
+mailq | tail \-n +2 | grep \-v '^ *(' | awk 'BEGIN { RS = "" }
+ # $7=sender, $8=recipient1, $9=recipient2
+ { if ($8 == "user@example.com" && $9 == "")
+ print $1 }
+ ' | tr \-d '*!' | postsuper \-d \-
+.fi
+.sp
+Specify "\fB\-d ALL\fR" to remove all messages; for example, specify
+"\fB\-d ALL deferred\fR" to delete all mail in the \fBdeferred\fR queue.
+As a safety measure, the word \fBALL\fR must be specified in upper
+case.
+.sp
+Warning: Postfix queue IDs are reused (always with Postfix
+<= 2.8; and with Postfix >= 2.9 when enable_long_queue_ids=no).
+There is a very small possibility that postsuper deletes the
+wrong message file when it is executed while the Postfix mail
+system is delivering mail.
+.sp
+The scenario is as follows:
+.RS
+.IP 1)
+The Postfix queue manager deletes the message that \fBpostsuper\fR(1)
+is asked to delete, because Postfix is finished with the
+message (it is delivered, or it is returned to the sender).
+.IP 2)
+New mail arrives, and the new message is given the same queue ID
+as the message that \fBpostsuper\fR(1) is supposed to delete.
+The probability for reusing a deleted queue ID is about 1 in 2**15
+(the number of different microsecond values that the system clock
+can distinguish within a second).
+.IP 3)
+\fBpostsuper\fR(1) deletes the new message, instead of the old
+message that it should have deleted.
+.RE
+.IP "\fB\-e \fIqueue_id\fR"
+.IP "\fB\-f \fIqueue_id\fR"
+Request forced expiration for one message with the named
+queue ID in the named mail queue(s) (default: \fBhold\fR,
+\fBincoming\fR, \fBactive\fR and \fBdeferred\fR).
+.RS
+.IP \(bu
+The message will be returned to the sender when the queue
+manager attempts to deliver that message (note that Postfix
+will never deliver messages in the \fBhold\fR queue).
+.IP \(bu
+The \fB\-e\fR and \fB\-f\fR options both request forced
+expiration. The difference is that \fB\-f\fR will also release
+a message if it is in the \fBhold\fR queue. With \fB\-e\fR, such
+a message would not be returned to the sender until it is
+released with \fB\-f\fR or \fB\-H\fR.
+.IP \(bu
+When a deferred message is force\-expired, the return message
+will state the reason for the delay. Otherwise, the reason
+will be "message is administratively expired".
+.RE
+.IP
+To expire multiple files, specify the \fB\-e\fR or \fB\-f\fR
+option multiple times, or specify a \fIqueue_id\fR of \fB\-\fR
+to read queue IDs from standard input (see the \fB\-d\fR option
+above for an example, but be sure to replace \fB\-d\fR in
+the example).
+.sp
+Specify "\fB\-e ALL\fR" or "\fB\-f ALL\fR" to expire all
+messages; for example, specify "\fB\-e ALL deferred\fR" to
+expire all mail in the \fBdeferred\fR queue. As a safety
+measure, the word \fBALL\fR must be specified in upper case.
+.sp
+These features are available in Postfix 3.5 and later.
+.IP "\fB\-h \fIqueue_id\fR"
+Put mail "on hold" so that no attempt is made to deliver it.
+Move one message with the named queue ID from the named
+mail queue(s) (default: \fBincoming\fR, \fBactive\fR and
+\fBdeferred\fR) to the \fBhold\fR queue.
+
+To hold multiple files, specify the \fB\-h\fR option multiple
+times, or specify a \fIqueue_id\fR of \fB\-\fR to read queue IDs
+from standard input.
+.sp
+Specify "\fB\-h ALL\fR" to hold all messages; for example, specify
+"\fB\-h ALL deferred\fR" to hold all mail in the \fBdeferred\fR queue.
+As a safety measure, the word \fBALL\fR must be specified in upper
+case.
+.sp
+Note: while mail is "on hold" it will not expire when its
+time in the queue exceeds the \fBmaximal_queue_lifetime\fR
+or \fBbounce_queue_lifetime\fR setting. It becomes subject to
+expiration after it is released from "hold".
+.sp
+This feature is available in Postfix 2.0 and later.
+.IP "\fB\-H \fIqueue_id\fR"
+Release mail that was put "on hold".
+Move one message with the named queue ID from the named
+mail queue(s) (default: \fBhold\fR) to the \fBdeferred\fR queue.
+
+To release multiple files, specify the \fB\-H\fR option multiple
+times, or specify a \fIqueue_id\fR of \fB\-\fR to read queue IDs
+from standard input.
+.sp
+Note: specify "\fBpostsuper \-r\fR" to release mail that was kept on
+hold for a significant fraction of \fB$maximal_queue_lifetime\fR
+or \fB$bounce_queue_lifetime\fR, or longer.
+.sp
+Specify "\fB\-H ALL\fR" to release all mail that is "on hold".
+As a safety measure, the word \fBALL\fR must be specified in upper
+case.
+.sp
+This feature is available in Postfix 2.0 and later.
+.IP \fB\-p\fR
+Purge old temporary files that are left over after system or
+software crashes.
+The \fB\-p\fR, \fB\-s\fR, and \fB\-S\fR operations are done
+before other operations.
+.IP "\fB\-r \fIqueue_id\fR"
+Requeue the message with the named queue ID from the named
+mail queue(s) (default: \fBhold\fR, \fBincoming\fR, \fBactive\fR and
+\fBdeferred\fR).
+
+To requeue multiple files, specify the \fB\-r\fR option multiple
+times, or specify a \fIqueue_id\fR of \fB\-\fR to read queue IDs
+from standard input.
+.sp
+Specify "\fB\-r ALL\fR" to requeue all messages. As a safety
+measure, the word \fBALL\fR must be specified in upper case.
+.sp
+A requeued message is moved to the \fBmaildrop\fR queue,
+from where it is copied by the \fBpickup\fR(8) and
+\fBcleanup\fR(8) daemons to a new queue file. In many
+respects its handling differs from that of a new local
+submission.
+.RS
+.IP \(bu
+The message is not subjected to the smtpd_milters or
+non_smtpd_milters settings. When mail has passed through
+an external content filter, this would produce incorrect
+results with Milter applications that depend on original
+SMTP connection state information.
+.IP \(bu
+The message is subjected again to mail address rewriting
+and substitution. This is useful when rewriting rules or
+virtual mappings have changed.
+.sp
+The address rewriting context (local or remote) is the same
+as when the message was received.
+.IP \(bu
+The message is subjected to the same content_filter settings
+(if any) as used for new local mail submissions. This is
+useful when content_filter settings have changed.
+.RE
+.IP
+Warning: Postfix queue IDs are reused (always with Postfix
+<= 2.8; and with Postfix >= 2.9 when enable_long_queue_ids=no).
+There is a very small possibility that \fBpostsuper\fR(1) requeues
+the wrong message file when it is executed while the Postfix mail
+system is running, but no harm should be done.
+.sp
+This feature is available in Postfix 1.1 and later.
+.IP \fB\-s\fR
+Structure check and structure repair. This should be done once
+before Postfix startup.
+The \fB\-p\fR, \fB\-s\fR, and \fB\-S\fR operations are done
+before other operations.
+.RS
+.IP \(bu
+Rename files whose name does not match the message file inode
+number. This operation is necessary after restoring a mail
+queue from a different machine or from backup, when queue
+files were created with Postfix <= 2.8 or with
+"enable_long_queue_ids = no".
+.IP \(bu
+Move queue files that are in the wrong place in the file system
+hierarchy and remove subdirectories that are no longer needed.
+File position rearrangements are necessary after a change in the
+\fBhash_queue_names\fR and/or \fBhash_queue_depth\fR
+configuration parameters.
+.IP \(bu
+Rename queue files created with "enable_long_queue_ids =
+yes" to short names, for migration to Postfix <= 2.8. The
+procedure is as follows:
+.sp
+.nf
+.na
+# postfix stop
+# postconf enable_long_queue_ids=no
+# postsuper
+.ad
+.fi
+.sp
+Run \fBpostsuper\fR(1) repeatedly until it stops reporting
+file name changes.
+.RE
+.IP \fB\-S\fR
+A redundant version of \fB\-s\fR that requires that long
+file names also match the message file inode number. This
+option exists for testing purposes, and is available with
+Postfix 2.9 and later.
+The \fB\-p\fR, \fB\-s\fR, and \fB\-S\fR operations are done
+before other operations.
+.IP \fB\-v\fR
+Enable verbose logging for debugging purposes. Multiple \fB\-v\fR
+options make the software increasingly verbose.
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems are reported to the standard error stream and to
+\fBsyslogd\fR(8) or \fBpostlogd\fR(8).
+
+\fBpostsuper\fR(1) reports the number of messages deleted
+with \fB\-d\fR, the number of messages expired with \fB\-e\fR,
+the number of messages expired or released with \fB\-f\fR,
+the number of messages held or released with \fB\-h\fR or
+\fB\-H\fR, the number of messages requeued with \fB\-r\fR,
+and the number of messages whose queue file name was fixed
+with \fB\-s\fR. The report is written to the standard error
+stream and to \fBsyslogd\fR(8) or \fBpostlogd\fR(8).
+.SH "ENVIRONMENT"
+.na
+.nf
+.ad
+.fi
+.IP MAIL_CONFIG
+Directory with the \fBmain.cf\fR file.
+.SH BUGS
+.ad
+.fi
+Mail that is not sanitized by Postfix (i.e. mail in the \fBmaildrop\fR
+queue) cannot be placed "on hold".
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+The following \fBmain.cf\fR parameters are especially relevant to
+this program.
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBhash_queue_depth (1)\fR"
+The number of subdirectory levels for queue directories listed with
+the hash_queue_names parameter.
+.IP "\fBhash_queue_names (deferred, defer)\fR"
+The names of queue directories that are split across multiple
+subdirectory levels.
+.IP "\fBimport_environment (see 'postconf -d' output)\fR"
+The list of environment parameters that a privileged Postfix
+process will import from a non\-Postfix parent process, or name=value
+environment overrides.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix version 2.9 and later:
+.IP "\fBenable_long_queue_ids (no)\fR"
+Enable long, non\-repeating, queue IDs (queue file names).
+.SH "SEE ALSO"
+.na
+.nf
+sendmail(1), Sendmail\-compatible user interface
+postqueue(1), unprivileged queue operations
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man1/posttls-finger.1 b/man/man1/posttls-finger.1
new file mode 100644
index 0000000..1e22a03
--- /dev/null
+++ b/man/man1/posttls-finger.1
@@ -0,0 +1,345 @@
+.TH POSTTLS-FINGER 1
+.ad
+.fi
+.SH NAME
+posttls-finger
+\-
+Probe the TLS properties of an ESMTP or LMTP server.
+.SH "SYNOPSIS"
+.na
+.nf
+\fBposttls\-finger\fR [\fIoptions\fR] [\fBinet:\fR]\fIdomain\fR[:\fIport\fR] [\fImatch ...\fR]
+.br
+\fBposttls\-finger\fR \-S [\fIoptions\fR] \fBunix:\fIpathname\fR [\fImatch ...\fR]
+.SH DESCRIPTION
+.ad
+.fi
+\fBposttls\-finger\fR(1) connects to the specified destination
+and reports TLS\-related information about the server. With SMTP, the
+destination is a domainname; with LMTP it is either a domainname
+prefixed with \fBinet:\fR or a pathname prefixed with \fBunix:\fR. If
+Postfix is built without TLS support, the resulting \fBposttls\-finger\fR(1)
+program has very limited functionality, and only the \fB\-a\fR, \fB\-c\fR,
+\fB\-h\fR, \fB\-o\fR, \fB\-S\fR, \fB\-t\fR, \fB\-T\fR and \fB\-v\fR options
+are available.
+
+Note: this is an unsupported test program. No attempt is made
+to maintain compatibility between successive versions.
+
+For SMTP servers that don't support ESMTP, only the greeting banner
+and the negative EHLO response are reported. Otherwise, the reported
+EHLO response details further server capabilities.
+
+If TLS support is enabled when \fBposttls\-finger\fR(1) is compiled, and
+the server supports \fBSTARTTLS\fR, a TLS handshake is attempted.
+
+If DNSSEC support is available, the connection TLS security level
+(\fB\-l\fR option) defaults to \fBdane\fR; see TLS_README for
+details. Otherwise, it defaults to \fBsecure\fR. This setting
+determines the certificate matching policy.
+
+If TLS negotiation succeeds, the TLS protocol and cipher details are
+reported. The server certificate is then verified in accordance with
+the policy at the chosen (or default) security level. With public
+CA\-based trust, when the \fB\-L\fR option includes \fBcertmatch\fR,
+(true by default) name matching is performed even if the certificate
+chain is not trusted. This logs the names found in the remote SMTP
+server certificate and which if any would match, were the certificate
+chain trusted.
+
+Note: \fBposttls\-finger\fR(1) does not perform any table lookups, so
+the TLS policy table and obsolete per\-site tables are not consulted.
+It does not communicate with the \fBtlsmgr\fR(8) daemon (or any other
+Postfix daemons); its TLS session cache is held in private memory, and
+disappears when the process exits.
+
+With the \fB\-r \fIdelay\fR option, if the server assigns a TLS
+session id, the TLS session is cached. The connection is then closed
+and re\-opened after the specified delay, and \fBposttls\-finger\fR(1)
+then reports whether the cached TLS session was re\-used.
+
+When the destination is a load balancer, it may be distributing
+load between multiple server caches. Typically, each server returns
+its unique name in its EHLO response. If, upon reconnecting with
+\fB\-r\fR, a new server name is detected, another session is cached
+for the new server, and the reconnect is repeated up to a maximum
+number of times (default 5) that can be specified via the \fB\-m\fR
+option.
+
+The choice of SMTP or LMTP (\fB\-S\fR option) determines the syntax of
+the destination argument. With SMTP, one can specify a service on a
+non\-default port as \fIhost\fR:\fIservice\fR, and disable MX (mail
+exchanger) DNS lookups with [\fIhost\fR] or [\fIhost\fR]:\fIport\fR.
+The [] form is required when you specify an IP address instead of a
+hostname. An IPv6 address takes the form [\fBipv6:\fIaddress\fR].
+The default port for SMTP is taken from the \fBsmtp/tcp\fR entry in
+/etc/services, defaulting to 25 if the entry is not found.
+
+With LMTP, specify \fBunix:\fIpathname\fR to connect to a local server
+listening on a unix\-domain socket bound to the specified pathname;
+otherwise, specify an optional \fBinet:\fR prefix followed by a
+\fIdomain\fR and an optional port, with the same syntax as for
+SMTP. The default TCP port for LMTP is 24.
+
+Arguments:
+.IP "\fB\-a\fR \fIfamily\fR (default: \fBany\fR)"
+Address family preference: \fBipv4\fR, \fBipv6\fR or \fBany\fR. When
+using \fBany\fR, \fBposttls\-finger\fR(1) will randomly select one of
+the two as the more preferred, and exhaust all MX preferences for the
+first address family before trying any addresses for the other.
+.IP "\fB\-A\fR \fItrust\-anchor.pem\fR (default: none)"
+A list of PEM trust\-anchor files that overrides CAfile and CApath
+trust chain verification. Specify the option multiple times to
+specify multiple files. See the main.cf documentation for
+smtp_tls_trust_anchor_file for details.
+.IP "\fB\-c\fR"
+Disable SMTP chat logging; only TLS\-related information is logged.
+.IP "\fB\-C\fR"
+Print the remote SMTP server certificate trust chain in PEM format.
+The issuer DN, subject DN, certificate and public key fingerprints
+(see \fB\-d \fImdalg\fR option below) are printed above each PEM
+certificate block. If you specify \fB\-F \fICAfile\fR or
+\fB\-P \fICApath\fR, the OpenSSL library may augment the chain with
+missing issuer certificates. To see the actual chain sent by the
+remote SMTP server leave \fICAfile\fR and \fICApath\fR unset.
+.IP "\fB\-d \fImdalg\fR (default: \fB$smtp_tls_fingerprint_digest\fR)"
+The message digest algorithm to use for reporting remote SMTP server
+fingerprints and matching against user provided certificate
+fingerprints (with DANE TLSA records the algorithm is specified
+in the DNS). In Postfix versions prior to 3.6, the default value
+was "md5".
+.IP "\fB\-f\fR"
+Lookup the associated DANE TLSA RRset even when a hostname is not an
+alias and its address records lie in an unsigned zone. See
+smtp_tls_force_insecure_host_tlsa_lookup for details.
+.IP "\fB\-F \fICAfile.pem\fR (default: none)"
+The PEM formatted CAfile for remote SMTP server certificate
+verification. By default no CAfile is used and no public CAs
+are trusted.
+.IP "\fB\-g \fIgrade\fR (default: medium)"
+The minimum TLS cipher grade used by \fBposttls\-finger\fR(1).
+See smtp_tls_mandatory_ciphers for details.
+.IP "\fB\-h \fIhost_lookup\fR (default: \fBdns\fR)"
+The hostname lookup methods used for the connection. See the
+documentation of smtp_host_lookup for syntax and semantics.
+.IP "\fB\-H \fIchainfiles\fR (default: \fInone\fR)\fR"
+List of files with a sequence PEM\-encoded TLS client certificate
+chains. The list can be built\-up incrementally, by specifying
+the option multiple times, or all at once via a comma or
+whitespace separated list of filenames. Each chain starts with
+a private key, which is followed immediately by the
+corresponding certificate, and optionally by additional issuer
+certificates. Each new key begins a new chain for the
+corresponding algorithm. This option is mutually exclusive with
+the below \fB\-k\fR and \fB\-K\fR options.
+.IP "\fB\-k \fIcertfile\fR (default: \fIkeyfile\fR)\fR"
+File with PEM\-encoded TLS client certificate chain. This
+defaults to \fIkeyfile\fR if one is specified.
+.IP "\fB\-K \fIkeyfile\fR (default: \fIcertfile\fR)"
+File with PEM\-encoded TLS client private key.
+This defaults to \fIcertfile\fR if one is specified.
+.IP "\fB\-l \fIlevel\fR (default: \fBdane\fR or \fBsecure\fR)"
+The security level for the connection, default \fBdane\fR or
+\fBsecure\fR depending on whether DNSSEC is available. For syntax
+and semantics, see the documentation of smtp_tls_security_level.
+When \fBdane\fR or \fBdane\-only\fR is supported and selected, if no
+TLSA records are found, or all the records found are unusable, the
+\fIsecure\fR level will be used instead. The \fBfingerprint\fR
+security level allows you to test certificate or public\-key
+fingerprint matches before you deploy them in the policy table.
+.IP
+Note, since \fBposttls\-finger\fR(1) does not actually deliver any email,
+the \fBnone\fR, \fBmay\fR and \fBencrypt\fR security levels are not
+very useful. Since \fBmay\fR and \fBencrypt\fR don't require peer
+certificates, they will often negotiate anonymous TLS ciphersuites,
+so you won't learn much about the remote SMTP server's certificates
+at these levels if it also supports anonymous TLS (though you may
+learn that the server supports anonymous TLS).
+.IP "\fB\-L \fIlogopts\fR (default: \fBroutine,certmatch\fR)"
+Fine\-grained TLS logging options. To tune the TLS features logged
+during the TLS handshake, specify one or more of:
+.RS
+.IP "\fB0, none\fR"
+These yield no TLS logging; you'll generally want more, but this
+is handy if you just want the trust chain:
+.RS
+.ad
+.nf
+$ posttls\-finger \-cC \-L none destination
+.fi
+.RE
+.IP "\fB1, routine, summary\fR"
+These synonymous values yield a normal one\-line summary of the TLS
+connection.
+.IP "\fB2, debug\fR"
+These synonymous values combine routine, ssl\-debug, cache and verbose.
+.IP "\fB3, ssl\-expert\fR"
+These synonymous values combine debug with ssl\-handshake\-packet\-dump.
+For experts only.
+.IP "\fB4, ssl\-developer\fR"
+These synonymous values combine ssl\-expert with ssl\-session\-packet\-dump.
+For experts only, and in most cases, use wireshark instead.
+.IP "\fBssl\-debug\fR"
+Turn on OpenSSL logging of the progress of the SSL handshake.
+.IP "\fBssl\-handshake\-packet\-dump\fR"
+Log hexadecimal packet dumps of the SSL handshake; for experts only.
+.IP "\fBssl\-session\-packet\-dump\fR"
+Log hexadecimal packet dumps of the entire SSL session; only useful
+to those who can debug SSL protocol problems from hex dumps.
+.IP "\fBuntrusted\fR"
+Logs trust chain verification problems. This is turned on
+automatically at security levels that use peer names signed
+by Certification Authorities to validate certificates. So while
+this setting is recognized, you should never need to set it
+explicitly.
+.IP "\fBpeercert\fR"
+This logs a one line summary of the remote SMTP server certificate
+subject, issuer, and fingerprints.
+.IP "\fBcertmatch\fR"
+This logs remote SMTP server certificate matching, showing the CN
+and each subjectAltName and which name matched. With DANE, logs
+matching of TLSA record trust\-anchor and end\-entity certificates.
+.IP "\fBcache\fR"
+This logs session cache operations, showing whether session caching
+is effective with the remote SMTP server. Automatically used when
+reconnecting with the \fB\-r\fR option; rarely needs to be set
+explicitly.
+.IP "\fBverbose\fR"
+Enables verbose logging in the Postfix TLS driver; includes all of
+peercert..cache and more.
+.RE
+.IP
+The default is \fBroutine,certmatch\fR. After a reconnect,
+\fBpeercert\fR, \fBcertmatch\fR and \fBverbose\fR are automatically
+disabled while \fBcache\fR and \fBsummary\fR are enabled.
+.IP "\fB\-m \fIcount\fR (default: \fB5\fR)"
+When the \fB\-r \fIdelay\fR option is specified, the \fB\-m\fR option
+determines the maximum number of reconnect attempts to use with
+a server behind a load balancer, to see whether connection caching
+is likely to be effective for this destination. Some MTAs
+don't expose the underlying server identity in their EHLO
+response; with these servers there will never be more than
+1 reconnection attempt.
+.IP "\fB\-M \fIinsecure_mx_policy\fR (default: \fBdane\fR)"
+The TLS policy for MX hosts with "secure" TLSA records when the
+nexthop destination security level is \fBdane\fR, but the MX
+record was found via an "insecure" MX lookup. See the main.cf
+documentation for smtp_tls_dane_insecure_mx_policy for details.
+.IP "\fB\-o \fIname=value\fR"
+Specify zero or more times to override the value of the main.cf
+parameter \fIname\fR with \fIvalue\fR. Possible use\-cases include
+overriding the values of TLS library parameters, or "myhostname" to
+configure the SMTP EHLO name sent to the remote server.
+.IP "\fB\-p \fIprotocols\fR (default: >=TLSv1)"
+TLS protocols that \fBposttls\-finger\fR(1) will exclude or include. See
+smtp_tls_mandatory_protocols for details.
+.IP "\fB\-P \fICApath/\fR (default: none)"
+The OpenSSL CApath/ directory (indexed via c_rehash(1)) for remote
+SMTP server certificate verification. By default no CApath is used
+and no public CAs are trusted.
+.IP "\fB\-r \fIdelay\fR"
+With a cacheable TLS session, disconnect and reconnect after \fIdelay\fR
+seconds. Report whether the session is re\-used. Retry if a new server
+is encountered, up to 5 times or as specified with the \fB\-m\fR option.
+By default reconnection is disabled, specify a positive delay to
+enable this behavior.
+.IP "\fB\-R\fR"
+Use SRV lookup instead of MX.
+.IP "\fB\-s \fIservername\fR"
+The server name to send with the TLS Server Name Indication (SNI)
+extension. When the server has DANE TLSA records, this parameter
+is ignored and the TLSA base domain is used instead. Otherwise, SNI is
+not used by default, but can be enabled by specifying the desired value
+with this option.
+.IP "\fB\-S\fR"
+Disable SMTP; that is, connect to an LMTP server. The default port for
+LMTP over TCP is 24. Alternative ports can specified by appending
+"\fI:servicename\fR" or ":\fIportnumber\fR" to the destination
+argument.
+.IP "\fB\-t \fItimeout\fR (default: \fB30\fR)"
+The TCP connection timeout to use. This is also the timeout for
+reading the remote server's 220 banner.
+.IP "\fB\-T \fItimeout\fR (default: \fB30\fR)"
+The SMTP/LMTP command timeout for EHLO/LHLO, STARTTLS and QUIT.
+.IP "\fB\-v\fR"
+Enable verbose Postfix logging. Specify more than once to increase
+the level of verbose logging.
+.IP "\fB\-w\fR"
+Enable outgoing TLS wrapper mode, or SUBMISSIONS/SMTPS support. This
+is typically provided on port 465 by servers that are compatible with
+the SMTP\-in\-SSL protocol, rather than the STARTTLS protocol.
+The destination \fIdomain\fR:\fIport\fR must of course provide such
+a service.
+.IP "\fB\-X\fR"
+Enable \fBtlsproxy\fR(8) mode. This is an unsupported mode,
+for program development only.
+.IP "[\fBinet:\fR]\fIdomain\fR[:\fIport\fR]"
+Connect via TCP to domain \fIdomain\fR, port \fIport\fR. The default
+port is \fBsmtp\fR (or 24 with LMTP). With SMTP an MX lookup is
+performed to resolve the domain to a host, unless the domain is
+enclosed in \fB[]\fR. If you want to connect to a specific MX host,
+for instance \fImx1.example.com\fR, specify [\fImx1.example.com\fR]
+as the destination and \fIexample.com\fR as a \fBmatch\fR argument.
+When using DNS, the destination domain is assumed fully qualified
+and no default domain or search suffixes are applied; you must use
+fully\-qualified names or also enable \fBnative\fR host lookups
+(these don't support \fBdane\fR or \fBdane\-only\fR as no DNSSEC
+validation information is available via \fBnative\fR lookups).
+.IP "\fBunix:\fIpathname\fR"
+Connect to the UNIX\-domain socket at \fIpathname\fR. LMTP only.
+.IP "\fBmatch ...\fR"
+With no match arguments specified, certificate peername matching uses
+the compiled\-in default strategies for each security level. If you
+specify one or more arguments, these will be used as the list of
+certificate or public\-key digests to match for the \fBfingerprint\fR
+level, or as the list of DNS names to match in the certificate at the
+\fBverify\fR and \fBsecure\fR levels. If the security level is
+\fBdane\fR, or \fBdane\-only\fR the match names are ignored, and
+\fBhostname, nexthop\fR strategies are used.
+.ad
+.fi
+.SH "ENVIRONMENT"
+.na
+.nf
+.ad
+.fi
+.IP \fBMAIL_CONFIG\fR
+Read configuration parameters from a non\-default location.
+.IP \fBMAIL_VERBOSE\fR
+Same as \fB\-v\fR option.
+.SH "SEE ALSO"
+.na
+.nf
+smtp\-source(1), SMTP/LMTP message source
+smtp\-sink(1), SMTP/LMTP message dump
+
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or "\fBpostconf
+html_directory\fR" to locate this information.
+.na
+.nf
+TLS_README, Postfix STARTTLS howto
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
+
+Viktor Dukhovni
diff --git a/man/man1/qmqp-sink.1 b/man/man1/qmqp-sink.1
new file mode 100644
index 0000000..1556b51
--- /dev/null
+++ b/man/man1/qmqp-sink.1
@@ -0,0 +1,69 @@
+.TH QMQP-SINK 1
+.ad
+.fi
+.SH NAME
+qmqp-sink
+\-
+parallelized QMQP test server
+.SH "SYNOPSIS"
+.na
+.nf
+.fi
+\fBqmqp\-sink\fR [\fB\-46cv\fR] [\fB\-x \fItime\fR]
+[\fBinet:\fR][\fIhost\fR]:\fIport\fR \fIbacklog\fR
+
+\fBqmqp\-sink\fR [\fB\-46cv\fR] [\fB\-x \fItime\fR]
+\fBunix:\fR\fIpathname\fR \fIbacklog\fR
+.SH DESCRIPTION
+.ad
+.fi
+\fBqmqp\-sink\fR listens on the named host (or address) and port.
+It receives messages from the network and throws them away.
+The purpose is to measure QMQP client performance, not protocol
+compliance.
+Connections can be accepted on IPv4 or IPv6 endpoints, or on
+UNIX\-domain sockets.
+IPv4 and IPv6 are the default.
+This program is the complement of the \fBqmqp\-source\fR(1) program.
+
+Note: this is an unsupported test program. No attempt is made
+to maintain compatibility between successive versions.
+
+Arguments:
+.IP \fB\-4\fR
+Support IPv4 only. This option has no effect when
+Postfix is built without IPv6 support.
+.IP \fB\-6\fR
+Support IPv6 only. This option is not available when
+Postfix is built without IPv6 support.
+.IP \fB\-c\fR
+Display a running counter that is updated whenever a delivery
+is completed.
+.IP \fB\-v\fR
+Increase verbosity. Specify \fB\-v \-v\fR to see some of the QMQP
+conversation.
+.IP "\fB\-x \fItime\fR"
+Terminate after \fItime\fR seconds. This is to facilitate memory
+leak testing.
+.SH "SEE ALSO"
+.na
+.nf
+qmqp\-source(1), QMQP message generator
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man1/qmqp-source.1 b/man/man1/qmqp-source.1
new file mode 100644
index 0000000..86f23b9
--- /dev/null
+++ b/man/man1/qmqp-source.1
@@ -0,0 +1,90 @@
+.TH QMQP-SOURCE 1
+.ad
+.fi
+.SH NAME
+qmqp-source
+\-
+parallelized QMQP test generator
+.SH "SYNOPSIS"
+.na
+.nf
+.fi
+\fBqmqp\-source\fR [\fIoptions\fR] [\fBinet:\fR]\fIhost\fR[:\fIport\fR]
+
+\fBqmqp\-source\fR [\fIoptions\fR] \fBunix:\fIpathname\fR
+.SH DESCRIPTION
+.ad
+.fi
+\fBqmqp\-source\fR connects to the named host and TCP port (default 628)
+and sends one or more messages to it, either sequentially
+or in parallel. The program speaks the QMQP protocol.
+Connections can be made to UNIX\-domain and IPv4 or IPv6 servers.
+IPv4 and IPv6 are the default.
+
+Note: this is an unsupported test program. No attempt is made
+to maintain compatibility between successive versions.
+
+Arguments:
+.IP \fB\-4\fR
+Connect to the server with IPv4. This option has no effect when
+Postfix is built without IPv6 support.
+.IP \fB\-6\fR
+Connect to the server with IPv6. This option is not available when
+Postfix is built without IPv6 support.
+.IP \fB\-c\fR
+Display a running counter that is incremented each time
+a delivery completes.
+.IP "\fB\-C \fIcount\fR"
+When a host sends RESET instead of SYN|ACK, try \fIcount\fR times
+before giving up. The default count is 1. Specify a larger count in
+order to work around a problem with TCP/IP stacks that send RESET
+when the listen queue is full.
+.IP "\fB\-f \fIfrom\fR"
+Use the specified sender address (default: <foo@myhostname>).
+.IP "\fB\-l \fIlength\fR"
+Send \fIlength\fR bytes as message payload. The length
+includes the message headers.
+.IP "\fB\-m \fImessage_count\fR"
+Send the specified number of messages (default: 1).
+.IP "\fB\-M \fImyhostname\fR"
+Use the specified hostname or [address] in the default
+sender and recipient addresses, instead of the machine
+hostname.
+.IP "\fB\-r \fIrecipient_count\fR"
+Send the specified number of recipients per transaction (default: 1).
+Recipient names are generated by prepending a number to the
+recipient address.
+.IP "\fB\-s \fIsession_count\fR"
+Run the specified number of QMQP sessions in parallel (default: 1).
+.IP "\fB\-t \fIto\fR"
+Use the specified recipient address (default: <foo@myhostname>).
+.IP "\fB\-R \fIinterval\fR"
+Wait for a random period of time 0 <= n <= interval between messages.
+Suspending one thread does not affect other delivery threads.
+.IP \fB\-v\fR
+Make the program more verbose, for debugging purposes.
+.IP "\fB\-w \fIinterval\fR"
+Wait a fixed time between messages.
+Suspending one thread does not affect other delivery threads.
+.SH "SEE ALSO"
+.na
+.nf
+qmqp\-sink(1), QMQP message dump
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man1/qshape.1 b/man/man1/qshape.1
new file mode 100644
index 0000000..5a6352f
--- /dev/null
+++ b/man/man1/qshape.1
@@ -0,0 +1,118 @@
+.TH QSHAPE 1
+.ad
+.fi
+.SH NAME
+qshape
+\-
+Print Postfix queue domain and age distribution
+.SH "SYNOPSIS"
+.na
+.nf
+.fi
+\fBqshape\fR [\fB\-s\fR] [\fB\-p\fR] [\fB\-m \fImin_subdomains\fR]
+ [\fB\-b \fIbucket_count\fR] [\fB\-t \fIbucket_time\fR]
+ [\fB\-l\fR] [\fB\-w \fIterminal_width\fR]
+ [\fB\-N \fIbatch_msg_count\fR] [\fB\-n \fIbatch_top_domains\fR]
+ [\fB\-c \fIconfig_directory\fR] [\fIqueue_name\fR ...]
+.SH DESCRIPTION
+.ad
+.fi
+The \fBqshape\fR program helps the administrator understand the
+Postfix queue message distribution in time and by sender domain
+or recipient domain. The program needs read access to the queue
+directories and queue files, so it must run as the superuser or
+the \fBmail_owner\fR specified in \fBmain.cf\fR (typically
+\fBpostfix\fR).
+
+Options:
+.IP \fB\-s\fR
+Display the sender domain distribution instead of the recipient
+domain distribution. By default the recipient distribution is
+displayed. There can be more recipients than messages, but as
+each message has only one sender, the sender distribution is a
+message distribution.
+.IP \fB\-p\fR
+Generate aggregate statistics for parent domains. Top level domains
+are not shown, nor are domains with fewer than \fImin_subdomains\fR
+subdomains. The names of parent domains are shown with a leading dot,
+(e.g. \fI.example.com\fR).
+.IP "\fB\-m \fImin_subdomains\fR"
+When used with the \fB\-p\fR option, sets the minimum subdomain count
+needed to show a separate line for a parent domain. The default is 5.
+.IP "\fB\-b \fIbucket_count\fR"
+The age distribution is broken up into a sequence of geometrically
+increasing intervals. This option sets the number of intervals
+or "buckets". Each bucket has a maximum queue age that is twice
+as large as that of the previous bucket. The last bucket has no
+age limit.
+.IP "\fB\-t \fIbucket_time\fR"
+The age limit in minutes for the first time bucket. The default
+value is 5, meaning that the first bucket counts messages between
+0 and 5 minutes old.
+.IP "\fB\-l\fR"
+Instead of using a geometric age sequence, use a linear age sequence,
+in other words simple multiples of \fBbucket_time\fR.
+
+This feature is available in Postfix 2.2 and later.
+.IP "\fB\-w \fIterminal_width\fR"
+The output is right justified, with the counts for the last
+bucket shown on the 80th column, the \fIterminal_width\fR can be
+adjusted for wider screens allowing more buckets to be displayed
+without truncating the domain names on the left. When a row for a
+full domain name and its counters does not fit in the specified
+number of columns, only the last 17 bytes of the domain name
+are shown with the prefix replaced by a '+' character. Truncated
+parent domain rows are shown as '.+' followed by the last 16 bytes
+of the domain name. If this is still too narrow to show the domain
+name and all the counters, the terminal_width limit is violated.
+.IP "\fB\-N \fIbatch_msg_count\fR"
+When the output device is a terminal, intermediate results are
+shown each "batch_msg_count" messages. This produces usable results
+in a reasonable time even when the deferred queue is large. The
+default is to show intermediate results every 1000 messages.
+.IP "\fB\-n \fIbatch_top_domains\fR"
+When reporting intermediate or final results to a termainal, report
+only the top "batch_top_domains" domains. The default limit is 20
+domains.
+.IP "\fB\-c \fIconfig_directory\fR"
+The \fBmain.cf\fR configuration file is in the named directory
+instead of the default configuration directory.
+.PP
+Arguments:
+.IP \fIqueue_name\fR
+By default \fBqshape\fR displays the combined distribution of
+the incoming and active queues. To display a different set of
+queues, just list their directory names on the command line.
+Absolute paths are used as is, other paths are taken relative
+to the \fBmain.cf\fR \fBqueue_directory\fR parameter setting.
+While \fBmain.cf\fR supports the use of \fI$variable\fR expansion
+in the definition of the \fBqueue_directory\fR parameter, the
+\fBqshape\fR program does not. If you must use variable expansions
+in the \fBqueue_directory\fR setting, you must specify an explicit
+absolute path for each queue subdirectory even if you want the
+default incoming and active queue distribution.
+.SH "SEE ALSO"
+.na
+.nf
+mailq(1), List all messages in the queue.
+QSHAPE_README Examples and background material.
+.SH "FILES"
+.na
+.nf
+$config_directory/main.cf, Postfix installation parameters.
+$queue_directory/maildrop/, local submission directory.
+$queue_directory/incoming/, new message queue.
+$queue_directory/hold/, messages waiting for tech support.
+$queue_directory/active/, messages scheduled for delivery.
+$queue_directory/deferred/, messages postponed for later delivery.
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Victor Duchovni
+Morgan Stanley
diff --git a/man/man1/sendmail.1 b/man/man1/sendmail.1
new file mode 100644
index 0000000..22affe6
--- /dev/null
+++ b/man/man1/sendmail.1
@@ -0,0 +1,512 @@
+.TH SENDMAIL 1
+.ad
+.fi
+.SH NAME
+sendmail
+\-
+Postfix to Sendmail compatibility interface
+.SH "SYNOPSIS"
+.na
+.nf
+\fBsendmail\fR [\fIoption ...\fR] [\fIrecipient ...\fR]
+
+\fBmailq\fR
+\fBsendmail \-bp\fR
+
+\fBnewaliases\fR
+\fBsendmail \-I\fR
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix \fBsendmail\fR(1) command implements the Postfix
+to Sendmail compatibility interface.
+For the sake of compatibility with existing applications, some
+Sendmail command\-line options are recognized but silently ignored.
+
+By default, Postfix \fBsendmail\fR(1) reads a message from
+standard input
+until EOF or until it reads a line with only a \fB.\fR character,
+and arranges for delivery. Postfix \fBsendmail\fR(1) relies on the
+\fBpostdrop\fR(1) command to create a queue file in the \fBmaildrop\fR
+directory.
+
+Specific command aliases are provided for other common modes of
+operation:
+.IP \fBmailq\fR
+List the mail queue. Each entry shows the queue file ID, message
+size, arrival time, sender, and the recipients that still need to
+be delivered. If mail could not be delivered upon the last attempt,
+the reason for failure is shown. The queue ID string is
+followed by an optional status character:
+.RS
+.IP \fB*\fR
+The message is in the \fBactive\fR queue, i.e. the message is
+selected for delivery.
+.IP \fB!\fR
+The message is in the \fBhold\fR queue, i.e. no further delivery
+attempt will be made until the mail is taken off hold.
+.IP \fB#\fR
+The message is forced to expire. See the \fBpostsuper\fR(1)
+options \fB\-e\fR or \fB\-f\fR.
+.RE
+.IP
+This mode of operation is implemented by executing the
+\fBpostqueue\fR(1) command.
+.IP \fBnewaliases\fR
+Initialize the alias database. If no input file is specified (with
+the \fB\-oA\fR option, see below), the program processes the file(s)
+specified with the \fBalias_database\fR configuration parameter.
+If no alias database type is specified, the program uses the type
+specified with the \fBdefault_database_type\fR configuration parameter.
+This mode of operation is implemented by running the \fBpostalias\fR(1)
+command.
+.sp
+Note: it may take a minute or so before an alias database update
+becomes visible. Use the "\fBpostfix reload\fR" command to eliminate
+this delay.
+.PP
+These and other features can be selected by specifying the
+appropriate combination of command\-line options. Some features are
+controlled by parameters in the \fBmain.cf\fR configuration file.
+
+The following options are recognized:
+.IP "\fB\-Am\fR (ignored)"
+.IP "\fB\-Ac\fR (ignored)"
+Postfix sendmail uses the same configuration file regardless of
+whether or not a message is an initial submission.
+.IP "\fB\-B \fIbody_type\fR"
+The message body MIME type: \fB7BIT\fR or \fB8BITMIME\fR.
+.IP \fB\-bd\fR
+Go into daemon mode. This mode of operation is implemented by
+executing the "\fBpostfix start\fR" command.
+.IP "\fB\-bh\fR (ignored)"
+.IP "\fB\-bH\fR (ignored)"
+Postfix has no persistent host status database.
+.IP \fB\-bi\fR
+Initialize alias database. See the \fBnewaliases\fR
+command above.
+.IP \fB\-bl\fR
+Go into daemon mode. To accept only local connections as
+with Sendmail's \fB\-bl\fR option, specify "\fBinet_interfaces
+= loopback\fR" in the Postfix \fBmain.cf\fR configuration
+file.
+.IP \fB\-bm\fR
+Read mail from standard input and arrange for delivery.
+This is the default mode of operation.
+.IP \fB\-bp\fR
+List the mail queue. See the \fBmailq\fR command above.
+.IP \fB\-bs\fR
+Stand\-alone SMTP server mode. Read SMTP commands from
+standard input, and write responses to standard output.
+In stand\-alone SMTP server mode, mail relaying and other
+access controls are disabled by default. To enable them,
+run the process as the \fBmail_owner\fR user.
+.sp
+This mode of operation is implemented by running the
+\fBsmtpd\fR(8) daemon.
+.IP \fB\-bv\fR
+Do not collect or deliver a message. Instead, send an email
+report after verifying each recipient address. This is useful
+for testing address rewriting and routing configurations.
+.sp
+This feature is available in Postfix version 2.1 and later.
+.IP "\fB\-C \fIconfig_file\fR"
+.IP "\fB\-C \fIconfig_dir\fR"
+The path name of the Postfix \fBmain.cf\fR file, or of its
+parent directory. This information is ignored with Postfix
+versions before 2.3.
+
+With Postfix version 3.2 and later, a non\-default directory
+must be authorized in the default \fBmain.cf\fR file, through
+the alternate_config_directories or multi_instance_directories
+parameters.
+
+With all Postfix versions, you can specify a directory pathname
+with the MAIL_CONFIG environment variable to override the
+location of configuration files.
+.IP "\fB\-F \fIfull_name\fR"
+Set the sender full name. This overrides the NAME environment
+variable, and is used only with messages that
+have no \fBFrom:\fR message header.
+.IP "\fB\-f \fIsender\fR"
+Set the envelope sender address. This is the address where
+delivery problems are sent to. With Postfix versions before 2.1, the
+\fBErrors\-To:\fR message header overrides the error return address.
+.IP \fB\-G\fR
+Gateway (relay) submission, as opposed to initial user
+submission. Either do not rewrite addresses at all, or
+update incomplete addresses with the domain information
+specified with \fBremote_header_rewrite_domain\fR.
+
+This option is ignored before Postfix version 2.3.
+.IP "\fB\-h \fIhop_count\fR (ignored)"
+Hop count limit. Use the \fBhopcount_limit\fR configuration
+parameter instead.
+.IP \fB\-I\fR
+Initialize alias database. See the \fBnewaliases\fR
+command above.
+.IP "\fB\-i\fR"
+When reading a message from standard input, don't treat a line
+with only a \fB.\fR character as the end of input.
+.IP "\fB\-L \fIlabel\fR (ignored)"
+The logging label. Use the \fBsyslog_name\fR configuration
+parameter instead.
+.IP "\fB\-m\fR (ignored)"
+Backwards compatibility.
+.IP "\fB\-N \fIdsn\fR (default: 'delay, failure')"
+Delivery status notification control. Specify either a
+comma\-separated list with one or more of \fBfailure\fR (send
+notification when delivery fails), \fBdelay\fR (send
+notification when delivery is delayed), or \fBsuccess\fR
+(send notification when the message is delivered); or specify
+\fBnever\fR (don't send any notifications at all).
+
+This feature is available in Postfix 2.3 and later.
+.IP "\fB\-n\fR (ignored)"
+Backwards compatibility.
+.IP "\fB\-oA\fIalias_database\fR"
+Non\-default alias database. Specify \fIpathname\fR or
+\fItype\fR:\fIpathname\fR. See \fBpostalias\fR(1) for
+details.
+.IP "\fB\-O \fIoption=value\fR (ignored)"
+Set the named \fIoption\fR to \fIvalue\fR. Use the equivalent
+configuration parameter in \fBmain.cf\fR instead.
+.IP "\fB\-o7\fR (ignored)"
+.IP "\fB\-o8\fR (ignored)"
+To send 8\-bit or binary content, use an appropriate MIME encapsulation
+and specify the appropriate \fB\-B\fR command\-line option.
+.IP "\fB\-oi\fR"
+When reading a message from standard input, don't treat a line
+with only a \fB.\fR character as the end of input.
+.IP "\fB\-om\fR (ignored)"
+The sender is never eliminated from alias etc. expansions.
+.IP "\fB\-o \fIx value\fR (ignored)"
+Set option \fIx\fR to \fIvalue\fR. Use the equivalent
+configuration parameter in \fBmain.cf\fR instead.
+.IP "\fB\-r \fIsender\fR"
+Set the envelope sender address. This is the address where
+delivery problems are sent to. With Postfix versions before 2.1, the
+\fBErrors\-To:\fR message header overrides the error return address.
+.IP "\fB\-R \fIreturn\fR"
+Delivery status notification control. Specify "hdrs" to
+return only the header when a message bounces, "full" to
+return a full copy (the default behavior).
+
+The \fB\-R\fR option specifies an upper bound; Postfix will
+return only the header, when a full copy would exceed the
+bounce_size_limit setting.
+
+This option is ignored before Postfix version 2.10.
+.IP \fB\-q\fR
+Attempt to deliver all queued mail. This is implemented by
+executing the \fBpostqueue\fR(1) command.
+
+Warning: flushing undeliverable mail frequently will result in
+poor delivery performance of all other mail.
+.IP "\fB\-q\fIinterval\fR (ignored)"
+The interval between queue runs. Use the \fBqueue_run_delay\fR
+configuration parameter instead.
+.IP \fB\-qI\fIqueueid\fR
+Schedule immediate delivery of mail with the specified queue
+ID. This option is implemented by executing the
+\fBpostqueue\fR(1) command, and is available with Postfix
+version 2.4 and later.
+.IP \fB\-qR\fIsite\fR
+Schedule immediate delivery of all mail that is queued for the named
+\fIsite\fR. This option accepts only \fIsite\fR names that are
+eligible for the "fast flush" service, and is implemented by
+executing the \fBpostqueue\fR(1) command.
+See \fBflush\fR(8) for more information about the "fast flush"
+service.
+.IP \fB\-qS\fIsite\fR
+This command is not implemented. Use the slower "\fBsendmail \-q\fR"
+command instead.
+.IP \fB\-t\fR
+Extract recipients from message headers. These are added to any
+recipients specified on the command line.
+
+With Postfix versions prior to 2.1, this option requires that
+no recipient addresses are specified on the command line.
+.IP "\fB\-U\fR (ignored)"
+Initial user submission.
+.IP "\fB\-V \fIenvid\fR"
+Specify the envelope ID for notification by servers that
+support DSN.
+
+This feature is available in Postfix 2.3 and later.
+.IP "\fB\-XV\fR (Postfix 2.2 and earlier: \fB\-V\fR)"
+Variable Envelope Return Path. Given an envelope sender address
+of the form \fIowner\-listname\fR@\fIorigin\fR, each recipient
+\fIuser\fR@\fIdomain\fR receives mail with a personalized envelope
+sender address.
+.sp
+By default, the personalized envelope sender address is
+\fIowner\-listname\fB+\fIuser\fB=\fIdomain\fR@\fIorigin\fR. The default
+\fB+\fR and \fB=\fR characters are configurable with the
+\fBdefault_verp_delimiters\fR configuration parameter.
+.IP "\fB\-XV\fIxy\fR (Postfix 2.2 and earlier: \fB\-V\fIxy\fR)"
+As \fB\-XV\fR, but uses \fIx\fR and \fIy\fR as the VERP delimiter
+characters, instead of the characters specified with the
+\fBdefault_verp_delimiters\fR configuration parameter.
+.IP \fB\-v\fR
+Send an email report of the first delivery attempt (Postfix
+versions 2.1 and later). Mail delivery
+always happens in the background. When multiple \fB\-v\fR
+options are given, enable verbose logging for debugging purposes.
+.IP "\fB\-X \fIlog_file\fR (ignored)"
+Log mailer traffic. Use the \fBdebug_peer_list\fR and
+\fBdebug_peer_level\fR configuration parameters instead.
+.SH "SECURITY"
+.na
+.nf
+.ad
+.fi
+By design, this program is not set\-user (or group) id.
+It is prepared to handle message content from untrusted,
+possibly remote, users.
+
+However, like most Postfix programs, this program does not
+enforce a security policy on its command\-line arguments.
+Instead, it relies on the UNIX system to enforce access
+policies based on the effective user and group IDs of the
+process. Concretely, this means that running Postfix commands
+as root (from sudo or equivalent) on behalf of a non\-root
+user is likely to create privilege escalation opportunities.
+
+If an application runs any Postfix programs on behalf of
+users that do not have normal shell access to Postfix
+commands, then that application MUST restrict user\-specified
+command\-line arguments to avoid privilege escalation.
+.IP \(bu
+Filter all command\-line arguments, for example arguments
+that contain a pathname or that specify a database access
+method. These pathname checks must reject user\-controlled
+symlinks or hardlinks to sensitive files, and must not be
+vulnerable to TOCTOU race attacks.
+.IP \(bu
+Disable command options processing for all command arguments
+that contain user\-specified data. For example, the Postfix
+\fBsendmail\fR(1) command line MUST be structured as follows:
+
+.nf
+ \fB/path/to/sendmail\fR \fIsystem\-arguments\fR \fB\-\-\fR \fIuser\-arguments\fR
+.fi
+
+Here, the "\fB\-\-\fR" disables command option processing for
+all \fIuser\-arguments\fR that follow.
+.IP
+Without the "\fB\-\-\fR", a malicious user could enable Postfix
+\fBsendmail\fR(1) command options, by specifying an email
+address that starts with "\fB\-\fR".
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8),
+and to the standard error stream.
+.SH "ENVIRONMENT"
+.na
+.nf
+.ad
+.fi
+.IP \fBMAIL_CONFIG\fR
+Directory with Postfix configuration files.
+.IP "\fBMAIL_VERBOSE\fR (value does not matter)"
+Enable verbose logging for debugging purposes.
+.IP "\fBMAIL_DEBUG\fR (value does not matter)"
+Enable debugging with an external command, as specified with the
+\fBdebugger_command\fR configuration parameter.
+.IP \fBNAME\fR
+The sender full name. This is used only with messages that
+have no \fBFrom:\fR message header. See also the \fB\-F\fR
+option above.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+The following \fBmain.cf\fR parameters are especially relevant to
+this program.
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.SH "COMPATIBILITY CONTROLS"
+.na
+.nf
+.ad
+.fi
+Available with Postfix 2.9 and later:
+.IP "\fBsendmail_fix_line_endings (always)\fR"
+Controls how the Postfix sendmail command converts email message
+line endings from <CR><LF> into UNIX format (<LF>).
+.SH "TROUBLE SHOOTING CONTROLS"
+.na
+.nf
+.ad
+.fi
+The DEBUG_README file gives examples of how to troubleshoot a
+Postfix system.
+.IP "\fBdebugger_command (empty)\fR"
+The external command to execute when a Postfix daemon program is
+invoked with the \-D option.
+.IP "\fBdebug_peer_level (2)\fR"
+The increment in verbose logging level when a nexthop destination,
+remote client or server name or network address matches a pattern
+given with the debug_peer_list parameter.
+.IP "\fBdebug_peer_list (empty)\fR"
+Optional list of nexthop destination, remote client or server
+name or network address patterns that, if matched, cause the verbose
+logging level to increase by the amount specified in $debug_peer_level.
+.SH "ACCESS CONTROLS"
+.na
+.nf
+.ad
+.fi
+Available in Postfix version 2.2 and later:
+.IP "\fBauthorized_flush_users (static:anyone)\fR"
+List of users who are authorized to flush the queue.
+.IP "\fBauthorized_mailq_users (static:anyone)\fR"
+List of users who are authorized to view the queue.
+.IP "\fBauthorized_submit_users (static:anyone)\fR"
+List of users who are authorized to submit mail with the \fBsendmail\fR(1)
+command (and with the privileged \fBpostdrop\fR(1) helper command).
+.SH "RESOURCE AND RATE CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBbounce_size_limit (50000)\fR"
+The maximal amount of original message text that is sent in a
+non\-delivery notification.
+.IP "\fBfork_attempts (5)\fR"
+The maximal number of attempts to fork() a child process.
+.IP "\fBfork_delay (1s)\fR"
+The delay between attempts to fork() a child process.
+.IP "\fBhopcount_limit (50)\fR"
+The maximal number of Received: message headers that is allowed
+in the primary message headers.
+.IP "\fBqueue_run_delay (300s)\fR"
+The time between deferred queue scans by the queue manager;
+prior to Postfix 2.4 the default value was 1000s.
+.SH "FAST FLUSH CONTROLS"
+.na
+.nf
+.ad
+.fi
+The ETRN_README file describes configuration and operation
+details for the Postfix "fast flush" service.
+.IP "\fBfast_flush_domains ($relay_domains)\fR"
+Optional list of destinations that are eligible for per\-destination
+logfiles with mail that is queued to those destinations.
+.SH "VERP CONTROLS"
+.na
+.nf
+.ad
+.fi
+The VERP_README file describes configuration and operation
+details of Postfix support for variable envelope return
+path addresses.
+.IP "\fBdefault_verp_delimiters (+=)\fR"
+The two default VERP delimiter characters.
+.IP "\fBverp_delimiter_filter (\-=+)\fR"
+The characters Postfix accepts as VERP delimiter characters on the
+Postfix \fBsendmail\fR(1) command line and in SMTP commands.
+.SH "MISCELLANEOUS CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBalias_database (see 'postconf -d' output)\fR"
+The alias databases for \fBlocal\fR(8) delivery that are updated with
+"\fBnewaliases\fR" or with "\fBsendmail \-bi\fR".
+.IP "\fBcommand_directory (see 'postconf -d' output)\fR"
+The location of all postfix administrative commands.
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdaemon_directory (see 'postconf -d' output)\fR"
+The directory with Postfix support programs and daemon programs.
+.IP "\fBdefault_database_type (see 'postconf -d' output)\fR"
+The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1)
+and \fBpostmap\fR(1) commands.
+.IP "\fBdelay_warning_time (0h)\fR"
+The time after which the sender receives a copy of the message
+headers of mail that is still queued.
+.IP "\fBimport_environment (see 'postconf -d' output)\fR"
+The list of environment variables that a privileged Postfix
+process will import from a non\-Postfix parent process, or name=value
+environment overrides.
+.IP "\fBmail_owner (postfix)\fR"
+The UNIX system account that owns the Postfix queue and most Postfix
+daemon processes.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.IP "\fBremote_header_rewrite_domain (empty)\fR"
+Don't rewrite message headers from remote clients at all when
+this parameter is empty; otherwise, rewrite message headers and
+append the specified domain name to incomplete addresses.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Postfix 3.2 and later:
+.IP "\fBalternate_config_directories (empty)\fR"
+A list of non\-default Postfix configuration directories that may
+be specified with "\-c config_directory" on the command line (in the
+case of \fBsendmail\fR(1), with the "\-C" option), or via the MAIL_CONFIG
+environment parameter.
+.IP "\fBmulti_instance_directories (empty)\fR"
+An optional list of non\-default Postfix configuration directories;
+these directories belong to additional Postfix instances that share
+the Postfix executable files and documentation with the default
+Postfix instance, and that are started, stopped, etc., together
+with the default Postfix instance.
+.SH "FILES"
+.na
+.nf
+/var/spool/postfix, mail queue
+/etc/postfix, configuration files
+.SH "SEE ALSO"
+.na
+.nf
+pickup(8), mail pickup daemon
+qmgr(8), queue manager
+smtpd(8), SMTP server
+flush(8), fast flush service
+postsuper(1), queue maintenance
+postalias(1), create/update/query alias database
+postdrop(1), mail posting utility
+postfix(1), mail system control
+postqueue(1), mail queue control
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "README_FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+DEBUG_README, Postfix debugging howto
+ETRN_README, Postfix ETRN howto
+VERP_README, Postfix VERP howto
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man1/smtp-sink.1 b/man/man1/smtp-sink.1
new file mode 100644
index 0000000..17bb89c
--- /dev/null
+++ b/man/man1/smtp-sink.1
@@ -0,0 +1,276 @@
+.TH SMTP-SINK 1
+.ad
+.fi
+.SH NAME
+smtp-sink
+\-
+parallelized SMTP/LMTP test server
+.SH "SYNOPSIS"
+.na
+.nf
+.fi
+\fBsmtp\-sink\fR [\fIoptions\fR] [\fBinet:\fR][\fIhost\fR]:\fIport\fR
+\fIbacklog\fR
+
+\fBsmtp\-sink\fR [\fIoptions\fR] \fBunix:\fR\fIpathname\fR \fIbacklog\fR
+.SH DESCRIPTION
+.ad
+.fi
+\fBsmtp\-sink\fR listens on the named host (or address) and port.
+It takes SMTP messages from the network and throws them away.
+The purpose is to measure client performance, not protocol
+compliance.
+
+\fBsmtp\-sink\fR may also be configured to capture each mail
+delivery transaction to file. Since disk latencies are large
+compared to network delays, this mode of operation can
+reduce the maximal performance by several orders of magnitude.
+
+Connections can be accepted on IPv4 or IPv6 endpoints, or on
+UNIX\-domain sockets.
+IPv4 and IPv6 are the default.
+This program is the complement of the \fBsmtp\-source\fR(1) program.
+
+Note: this is an unsupported test program. No attempt is made
+to maintain compatibility between successive versions.
+
+Arguments:
+.IP \fB\-4\fR
+Support IPv4 only. This option has no effect when
+Postfix is built without IPv6 support.
+.IP \fB\-6\fR
+Support IPv6 only. This option is not available when
+Postfix is built without IPv6 support.
+.IP \fB\-8\fR
+Do not announce 8BITMIME support.
+.IP \fB\-a\fR
+Do not announce SASL authentication support.
+.IP "\fB\-A \fIdelay\fR"
+Wait \fIdelay\fR seconds after responding to DATA, then
+abort prematurely with a 550 reply status. Do not read
+further input from the client; this is an attempt to block
+the client before it sends ".". Specify a zero delay value
+to abort immediately.
+.IP "\fB\-b \fIsoft\-bounce\-reply\fR"
+Use \fIsoft\-bounce\-reply\fR for soft reject responses. The
+default reply is "450 4.3.0 Error: command failed".
+.IP "\fB\-B \fIhard\-bounce\-reply\fR"
+Use \fIhard\-bounce\-reply\fR for hard reject responses. The
+default reply is "500 5.3.0 Error: command failed".
+.IP \fB\-c\fR
+Display running counters that are updated whenever an SMTP
+session ends, a QUIT command is executed, or when "." is
+received.
+.IP \fB\-C\fR
+Disable XCLIENT support.
+.IP "\fB\-d \fIdump\-template\fR"
+Dump each mail transaction to a single\-message file whose
+name is created by expanding the \fIdump\-template\fR via
+strftime(3) and appending a pseudo\-random hexadecimal number
+(example: "%Y%m%d%H/%M." expands into "2006081203/05.809a62e3").
+If the template contains "/" characters, missing directories
+are created automatically. The message dump format is
+described below.
+.sp
+Note: this option keeps one capture file open for every
+mail transaction in progress.
+.IP "\fB\-D \fIdump\-template\fR"
+Append mail transactions to a multi\-message dump file whose
+name is created by expanding the \fIdump\-template\fR via
+strftime(3).
+If the template contains "/" characters, missing directories
+are created automatically. The message dump format is
+described below.
+.sp
+Note: this option keeps one capture file open for every
+mail transaction in progress.
+.IP \fB\-e\fR
+Do not announce ESMTP support.
+.IP \fB\-E\fR
+Do not announce ENHANCEDSTATUSCODES support.
+.IP "\fB\-f \fIcommand,command,...\fR"
+Reject the specified commands with a hard (5xx) error code.
+This option implies \fB\-p\fR.
+.sp
+Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT, VRFY,
+DATA, ., RSET, NOOP, and QUIT. Separate command names by
+white space or commas, and use quotes to protect white space
+from the shell. Command names are case\-insensitive.
+.IP \fB\-F\fR
+Disable XFORWARD support.
+.IP "\fB\-h\fI hostname\fR"
+Use \fIhostname\fR in the SMTP greeting, in the HELO response,
+and in the EHLO response. The default hostname is "smtp\-sink".
+.IP "\fB\-H\fI delay\fR"
+Delay the first read operation after receiving DATA (time
+in seconds). Combine with a large test message and a small
+TCP window size (see the \fB\-T\fR option) to test the Postfix
+client write_wait() implementation.
+.IP \fB\-L\fR
+Enable LMTP instead of SMTP.
+.IP "\fB\-m \fIcount\fR (default: 256)"
+An upper bound on the maximal number of simultaneous
+connections that \fBsmtp\-sink\fR will handle. This prevents
+the process from running out of file descriptors. Excess
+connections will stay queued in the TCP/IP stack.
+.IP "\fB\-M \fIcount\fR"
+Terminate after receiving \fIcount\fR messages.
+.IP "\fB\-n \fIcount\fR"
+Terminate after \fIcount\fR sessions.
+.IP \fB\-N\fR
+Do not announce support for DSN.
+.IP \fB\-p\fR
+Do not announce support for ESMTP command pipelining.
+.IP \fB\-P\fR
+Change the server greeting so that it appears to come through
+a CISCO PIX system. Implies \fB\-e\fR.
+.IP "\fB\-q \fIcommand,command,...\fR"
+Disconnect (without replying) after receiving one of the
+specified commands.
+.sp
+Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT, VRFY,
+DATA, ., RSET, NOOP, and QUIT. Separate command names by
+white space or commas, and use quotes to protect white space
+from the shell. Command names are case\-insensitive.
+.IP "\fB\-Q \fIcommand,command,...\fR"
+Send a 421 reply and disconnect after receiving one
+of the specified commands.
+.sp
+Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT, VRFY,
+DATA, ., RSET, NOOP, and QUIT. Separate command names by
+white space or commas, and use quotes to protect white space
+from the shell. Command names are case\-insensitive.
+.IP "\fB\-r \fIcommand,command,...\fR"
+Reject the specified commands with a soft (4xx) error code.
+This option implies \fB\-p\fR.
+.sp
+Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT, VRFY,
+DATA, ., RSET, NOOP, and QUIT. Separate command names by
+white space or commas, and use quotes to protect white space
+from the shell. Command names are case\-insensitive.
+.IP "\fB\-R \fIroot\-directory\fR"
+Change the process root directory to the specified location.
+This option requires super\-user privileges. See also the
+\fB\-u\fR option.
+.IP "\fB\-s \fIcommand,command,...\fR"
+Log the named commands to syslogd.
+.sp
+Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT, VRFY,
+DATA, ., RSET, NOOP, and QUIT. Separate command names by
+white space or commas, and use quotes to protect white space
+from the shell. Command names are case\-insensitive.
+.IP "\fB\-S start\-string\fR"
+An optional string that is prepended to each message that is
+written to a dump file (see the dump file format description
+below). The following C escape sequences are supported: \ea
+(bell), \eb (backspace), \ef (formfeed), \en (newline), \er
+(carriage return), \et (horizontal tab), \ev (vertical tab),
+\e\fIddd\fR (up to three octal digits) and \e\e (the backslash
+character).
+.IP "\fB\-t \fItimeout\fR (default: 100)"
+Limit the time for receiving a command or sending a response.
+The time limit is specified in seconds.
+.IP "\fB\-T \fIwindowsize\fR"
+Override the default TCP window size. To work around
+broken TCP window scaling implementations, specify a
+value > 0 and < 65536.
+.IP "\fB\-u \fIusername\fR"
+Switch to the specified user privileges after opening the
+network socket and optionally changing the process root
+directory. This option is required when the process runs
+with super\-user privileges. See also the \fB\-R\fR option.
+.IP \fB\-v\fR
+Show the SMTP conversations.
+.IP "\fB\-w \fIdelay\fR"
+Wait \fIdelay\fR seconds before responding to a DATA command.
+.IP "\fB\-W \fIcommand:delay[:odds]\fR"
+Wait \fIdelay\fR seconds before responding to \fIcommand\fR.
+If \fIodds\fR is also specified (a number between 1\-99
+inclusive), wait for a random multiple of \fIdelay\fR. The
+random multiplier is equal to the number of times the program
+needs to roll a dice with a range of 0..99 inclusive, before
+the dice produces a result greater than or equal to \fIodds\fR.
+.IP [\fBinet:\fR][\fIhost\fR]:\fIport\fR
+Listen on network interface \fIhost\fR (default: any interface)
+TCP port \fIport\fR. Both \fIhost\fR and \fIport\fR may be
+specified in numeric or symbolic form.
+.IP \fBunix:\fR\fIpathname\fR
+Listen on the UNIX\-domain socket at \fIpathname\fR.
+.IP \fIbacklog\fR
+The maximum length of the queue of pending connections,
+as defined by the \fBlisten\fR(2) system call.
+.SH "DUMP FILE FORMAT"
+.na
+.nf
+.ad
+.fi
+Each dumped message contains a sequence of text lines,
+terminated with the newline character. The sequence of
+information is as follows:
+.IP \(bu
+The optional string specified with the \fB\-S\fR option.
+.IP \(bu
+The \fBsmtp\-sink\fR generated headers as documented below.
+.IP \(bu
+The message header and body as received from the SMTP client.
+.IP \(bu
+An empty line.
+.PP
+The format of the \fBsmtp\-sink\fR generated headers is as
+follows:
+.IP "\fBX\-Client\-Addr: \fItext\fR"
+The client IP address without enclosing []. An IPv6 address
+is prefixed with "ipv6:". This record is always present.
+.IP "\fBX\-Client\-Proto: \fItext\fR"
+The client protocol: SMTP, ESMTP or LMTP. This record is
+always present.
+.IP "\fBX\-Helo\-Args: \fItext\fR"
+The arguments of the last HELO or EHLO command before this
+mail delivery transaction. This record is present only if
+the client sent a recognizable HELO or EHLO command before
+the DATA command.
+.IP "\fBX\-Mail\-Args: \fItext\fR"
+The arguments of the MAIL command that started this mail
+delivery transaction. This record is present exactly once.
+.IP "\fBX\-Rcpt\-Args: \fItext\fR"
+The arguments of an RCPT command within this mail delivery
+transaction. There is one record for each RCPT command, and
+they are in the order as sent by the client.
+.IP "\fBReceived: \fItext\fR"
+A message header for compatibility with mail processing
+software. This three\-line header marks the end of the headers
+provided by \fBsmtp\-sink\fR, and is formatted as follows:
+.RS
+.IP "\fBfrom \fIhelo\fR ([\fIaddr\fR])"
+The HELO or EHLO command argument and client IP address.
+If the client did not send HELO or EHLO, the client IP
+address is used instead.
+.IP "\fBby \fIhost\fB (smtp\-sink) with \fIproto\fB id \fIrandom\fB;\fR"
+The hostname specified with the \fB\-h\fR option, the client
+protocol (see \fBX\-Client\-Proto\fR above), and the pseudo\-random
+portion of the per\-message capture file name.
+.IP \fItime\-stamp\fR
+A time stamp as defined in RFC 2822.
+.RE
+.SH "SEE ALSO"
+.na
+.nf
+smtp\-source(1), SMTP/LMTP message generator
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man1/smtp-source.1 b/man/man1/smtp-source.1
new file mode 100644
index 0000000..014ee10
--- /dev/null
+++ b/man/man1/smtp-source.1
@@ -0,0 +1,127 @@
+.TH SMTP-SOURCE 1
+.ad
+.fi
+.SH NAME
+smtp-source
+\-
+parallelized SMTP/LMTP test generator
+.SH "SYNOPSIS"
+.na
+.nf
+.fi
+\fBsmtp\-source\fR [\fIoptions\fR] [\fBinet:\fR]\fIhost\fR[:\fIport\fR]
+
+\fBsmtp\-source\fR [\fIoptions\fR] \fBunix:\fIpathname\fR
+.SH DESCRIPTION
+.ad
+.fi
+\fBsmtp\-source\fR connects to the named \fIhost\fR and TCP \fIport\fR
+(default: port 25)
+and sends one or more messages to it, either sequentially
+or in parallel. The program speaks either SMTP (default) or
+LMTP.
+Connections can be made to UNIX\-domain and IPv4 or IPv6 servers.
+IPv4 and IPv6 are the default.
+
+Note: this is an unsupported test program. No attempt is made
+to maintain compatibility between successive versions.
+
+Arguments:
+.IP \fB\-4\fR
+Connect to the server with IPv4. This option has no effect when
+Postfix is built without IPv6 support.
+.IP \fB\-6\fR
+Connect to the server with IPv6. This option is not available when
+Postfix is built without IPv6 support.
+.IP "\fB\-A\fR"
+Don't abort when the server sends something other than the
+expected positive reply code.
+.IP \fB\-c\fR
+Display a running counter that is incremented each time
+an SMTP DATA command completes.
+.IP "\fB\-C \fIcount\fR"
+When a host sends RESET instead of SYN|ACK, try \fIcount\fR times
+before giving up. The default count is 1. Specify a larger count in
+order to work around a problem with TCP/IP stacks that send RESET
+when the listen queue is full.
+.IP \fB\-d\fR
+Don't disconnect after sending a message; send the next
+message over the same connection.
+.IP "\fB\-f \fIfrom\fR"
+Use the specified sender address (default: <foo@myhostname>).
+.IP "\fB\-F \fIfile\fR"
+Send the pre\-formatted message header and body in the
+specified \fIfile\fR, while prepending '.' before lines that
+begin with '.', and while appending CRLF after each line.
+.IP "\fB\-l \fIlength\fR"
+Send \fIlength\fR bytes as message payload. The length does not
+include message headers.
+.IP \fB\-L\fR
+Speak LMTP rather than SMTP.
+.IP "\fB\-m \fImessage_count\fR"
+Send the specified number of messages (default: 1).
+.IP "\fB\-M \fImyhostname\fR"
+Use the specified hostname or [address] in the HELO command
+and in the default sender and recipient addresses, instead
+of the machine hostname.
+.IP "\fB\-N\fR"
+Prepend a non\-repeating sequence number to each recipient
+address. This avoids the artificial 100% hit rate in the
+resolve and rewrite client caches and exercises the
+trivial\-rewrite daemon, better approximating Postfix
+performance under real\-life work\-loads.
+.IP \fB\-o\fR
+Old mode: don't send HELO, and don't send message headers.
+.IP "\fB\-r \fIrecipient_count\fR"
+Send the specified number of recipients per transaction (default: 1).
+Recipient names are generated by prepending a number to the
+recipient address.
+.IP "\fB\-R \fIinterval\fR"
+Wait for a random period of time 0 <= n <= interval between messages.
+Suspending one thread does not affect other delivery threads.
+.IP "\fB\-s \fIsession_count\fR"
+Run the specified number of SMTP sessions in parallel (default: 1).
+.IP "\fB\-S \fIsubject\fR"
+Send mail with the named subject line (default: none).
+.IP "\fB\-t \fIto\fR"
+Use the specified recipient address (default: <foo@myhostname>).
+.IP "\fB\-T \fIwindowsize\fR"
+Override the default TCP window size. To work around
+broken TCP window scaling implementations, specify a
+value > 0 and < 65536.
+.IP \fB\-v\fR
+Make the program more verbose, for debugging purposes.
+.IP "\fB\-w \fIinterval\fR"
+Wait a fixed time between messages.
+Suspending one thread does not affect other delivery threads.
+.IP [\fBinet:\fR]\fIhost\fR[:\fIport\fR]
+Connect via TCP to host \fIhost\fR, port \fIport\fR. The default
+port is \fBsmtp\fR.
+.IP \fBunix:\fIpathname\fR
+Connect to the UNIX\-domain socket at \fIpathname\fR.
+.SH BUGS
+.ad
+.fi
+No SMTP command pipelining support.
+.SH "SEE ALSO"
+.na
+.nf
+smtp\-sink(1), SMTP/LMTP message dump
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man5/access.5 b/man/man5/access.5
new file mode 100644
index 0000000..07725be
--- /dev/null
+++ b/man/man5/access.5
@@ -0,0 +1,480 @@
+.TH ACCESS 5
+.ad
+.fi
+.SH NAME
+access
+\-
+Postfix SMTP server access table
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostmap /etc/postfix/access\fR
+
+\fBpostmap \-q "\fIstring\fB" /etc/postfix/access\fR
+
+\fBpostmap \-q \- /etc/postfix/access <\fIinputfile\fR
+.SH DESCRIPTION
+.ad
+.fi
+This document describes access control on remote SMTP client
+information: host names, network addresses, and envelope
+sender or recipient addresses; it is implemented by the
+Postfix SMTP server. See \fBheader_checks\fR(5) or
+\fBbody_checks\fR(5) for access control on the content of
+email messages.
+
+Normally, the \fBaccess\fR(5) table is specified as a text file
+that serves as input to the \fBpostmap\fR(1) command.
+The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
+is used for fast searching by the mail system. Execute the
+command "\fBpostmap /etc/postfix/access\fR" to rebuild an
+indexed file after changing the corresponding text file.
+
+When the table is provided via other means such as NIS, LDAP
+or SQL, the same lookups are done as for ordinary indexed files.
+
+Alternatively, the table can be provided as a regular\-expression
+map where patterns are given as regular expressions, or lookups
+can be directed to a TCP\-based server. In those cases, the lookups
+are done in a slightly different way as described below under
+"REGULAR EXPRESSION TABLES" or "TCP\-BASED TABLES".
+.SH "CASE FOLDING"
+.na
+.nf
+.ad
+.fi
+The search string is folded to lowercase before database
+lookup. As of Postfix 2.3, the search string is not case
+folded with database types such as regexp: or pcre: whose
+lookup fields can match both upper and lower case.
+.SH "TABLE FORMAT"
+.na
+.nf
+.ad
+.fi
+The input format for the \fBpostmap\fR(1) command is as follows:
+.IP "\fIpattern action\fR"
+When \fIpattern\fR matches a mail address, domain or host address,
+perform the corresponding \fIaction\fR.
+.IP "blank lines and comments"
+Empty lines and whitespace\-only lines are ignored, as
+are lines whose first non\-whitespace character is a `#'.
+.IP "multi\-line text"
+A logical line starts with non\-whitespace text. A line that
+starts with whitespace continues a logical line.
+.SH "EMAIL ADDRESS PATTERNS"
+.na
+.nf
+.ad
+.fi
+With lookups from indexed files such as DB or DBM, or from networked
+tables such as NIS, LDAP or SQL, patterns are tried in the order as
+listed below:
+.IP \fIuser\fR@\fIdomain\fR
+Matches the specified mail address.
+.IP \fIdomain.tld\fR
+Matches \fIdomain.tld\fR as the domain part of an email address.
+.sp
+The pattern \fIdomain.tld\fR also matches subdomains, but only
+when the string \fBsmtpd_access_maps\fR is listed in the Postfix
+\fBparent_domain_matches_subdomains\fR configuration setting.
+.IP \fI.domain.tld\fR
+Matches subdomains of \fIdomain.tld\fR, but only when the
+string \fBsmtpd_access_maps\fR is not listed in the Postfix
+\fBparent_domain_matches_subdomains\fR configuration setting.
+.IP \fIuser\fR@
+Matches all mail addresses with the specified user part.
+.PP
+Note: lookup of the null sender address is not possible with
+some types of lookup table. By default, Postfix uses \fB<>\fR
+as the lookup key for such addresses. The value is specified with
+the \fBsmtpd_null_access_lookup_key\fR parameter in the Postfix
+\fBmain.cf\fR file.
+.SH "EMAIL ADDRESS EXTENSION"
+.na
+.nf
+.fi
+.ad
+When a mail address localpart contains the optional recipient delimiter
+(e.g., \fIuser+foo\fR@\fIdomain\fR), the lookup order becomes:
+\fIuser+foo\fR@\fIdomain\fR, \fIuser\fR@\fIdomain\fR, \fIdomain\fR,
+\fIuser+foo\fR@, and \fIuser\fR@.
+.SH "HOST NAME/ADDRESS PATTERNS"
+.na
+.nf
+.ad
+.fi
+With lookups from indexed files such as DB or DBM, or from networked
+tables such as NIS, LDAP or SQL, the following lookup patterns are
+examined in the order as listed:
+.IP \fIdomain.tld\fR
+Matches \fIdomain.tld\fR.
+.sp
+The pattern \fIdomain.tld\fR also matches subdomains, but only
+when the string \fBsmtpd_access_maps\fR is listed in the Postfix
+\fBparent_domain_matches_subdomains\fR configuration setting.
+.IP \fI.domain.tld\fR
+Matches subdomains of \fIdomain.tld\fR, but only when the
+string \fBsmtpd_access_maps\fR is not listed in the Postfix
+\fBparent_domain_matches_subdomains\fR configuration setting.
+.IP \fInet.work.addr.ess\fR
+.IP \fInet.work.addr\fR
+.IP \fInet.work\fR
+.IP \fInet\fR
+Matches a remote IPv4 host address or network address range.
+Specify one to four decimal octets separated by ".". Do not
+specify "[]" , "/", leading zeros, or hexadecimal forms.
+
+Network ranges are matched by repeatedly truncating the last
+".octet" from a remote IPv4 host address string, until a
+match is found in the access table, or until further
+truncation is not possible.
+
+NOTE: use the \fBcidr\fR lookup table type to specify
+network/netmask patterns. See \fBcidr_table\fR(5) for details.
+.IP \fInet:work:addr:ess\fR
+.IP \fInet:work:addr\fR
+.IP \fInet:work\fR
+.IP \fInet\fR
+Matches a remote IPv6 host address or network address range.
+Specify three to eight hexadecimal octet pairs separated
+by ":", using the compressed form "::" for a sequence of
+zero\-valued octet pairs. Do not specify "[]", "/", leading
+zeros, or non\-compressed forms.
+
+A network range is matched by repeatedly truncating the
+last ":octetpair" from the compressed\-form remote IPv6 host
+address string, until a match is found in the access table,
+or until further truncation is not possible.
+
+NOTE: use the \fBcidr\fR lookup table type to specify
+network/netmask patterns. See \fBcidr_table\fR(5) for details.
+
+IPv6 support is available in Postfix 2.2 and later.
+.SH "ACCEPT ACTIONS"
+.na
+.nf
+.ad
+.fi
+.IP \fBOK\fR
+Accept the address etc. that matches the pattern.
+.IP \fIall\-numerical\fR
+An all\-numerical result is treated as OK. This format is
+generated by address\-based relay authorization schemes
+such as pop\-before\-smtp.
+.PP
+For other accept actions, see "OTHER ACTIONS" below.
+.SH "REJECT ACTIONS"
+.na
+.nf
+.ad
+.fi
+Postfix version 2.3 and later support enhanced status codes
+as defined in RFC 3463.
+When no code is specified at the beginning of the \fItext\fR
+below, Postfix inserts a default enhanced status code of "5.7.1"
+in the case of reject actions, and "4.7.1" in the case of
+defer actions. See "ENHANCED STATUS CODES" below.
+.IP "\fB4\fINN text\fR"
+.IP "\fB5\fINN text\fR"
+Reject the address etc. that matches the pattern, and respond with
+the numerical three\-digit code and text. \fB4\fINN\fR means "try
+again later", while \fB5\fINN\fR means "do not try again".
+
+The following responses have special meaning for the Postfix
+SMTP server:
+.RS
+.IP "\fB421 \fItext\fR (Postfix 2.3 and later)"
+.IP "\fB521 \fItext\fR (Postfix 2.6 and later)"
+After responding with the numerical three\-digit code and
+text, disconnect immediately from the SMTP client. This
+frees up SMTP server resources so that they can be made
+available to another SMTP client.
+.IP
+Note: The "521" response should be used only with botnets
+and other malware where interoperability is of no concern.
+The "send 521 and disconnect" behavior is NOT defined in
+the SMTP standard.
+.RE
+.IP "\fBREJECT \fIoptional text...\fR
+Reject the address etc. that matches the pattern. Reply with
+"\fB$access_map_reject_code \fIoptional text...\fR" when the
+optional text is
+specified, otherwise reply with a generic error response message.
+.IP "\fBDEFER \fIoptional text...\fR
+Reject the address etc. that matches the pattern. Reply with
+"\fB$access_map_defer_code \fIoptional text...\fR" when the
+optional text is
+specified, otherwise reply with a generic error response message.
+.sp
+This feature is available in Postfix 2.6 and later.
+.IP "\fBDEFER_IF_REJECT \fIoptional text...\fR
+Defer the request if some later restriction would result in a
+REJECT action. Reply with "\fB$access_map_defer_code 4.7.1
+\fIoptional text...\fR" when the
+optional text is specified, otherwise reply with a generic error
+response message.
+.sp
+Prior to Postfix 2.6, the SMTP reply code is 450.
+.sp
+This feature is available in Postfix 2.1 and later.
+.IP "\fBDEFER_IF_PERMIT \fIoptional text...\fR
+Defer the request if some later restriction would result in
+an explicit or implicit PERMIT action.
+Reply with "\fB$access_map_defer_code 4.7.1 \fI optional
+text...\fR" when the
+optional text is specified, otherwise reply with a generic error
+response message.
+.sp
+Prior to Postfix 2.6, the SMTP reply code is 450.
+.sp
+This feature is available in Postfix 2.1 and later.
+.PP
+For other reject actions, see "OTHER ACTIONS" below.
+.SH "OTHER ACTIONS"
+.na
+.nf
+.ad
+.fi
+.IP \fIrestriction...\fR
+Apply the named UCE restriction(s) (\fBpermit\fR, \fBreject\fR,
+\fBreject_unauth_destination\fR, and so on).
+.IP "\fBBCC \fIuser@domain\fR"
+Send one copy of the message to the specified recipient.
+.sp
+If multiple BCC actions are specified within the same SMTP
+MAIL transaction, with Postfix 3.0 only the last action
+will be used.
+.sp
+This feature is available in Postfix 3.0 and later.
+.IP "\fBDISCARD \fIoptional text...\fR
+Claim successful delivery and silently discard the message.
+Log the optional text if specified, otherwise log a generic
+message.
+.sp
+Note: this action currently affects all recipients of the message.
+To discard only one recipient without discarding the entire message,
+use the transport(5) table to direct mail to the discard(8) service.
+.sp
+This feature is available in Postfix 2.0 and later.
+.IP \fBDUNNO\fR
+Pretend that the lookup key was not found. This
+prevents Postfix from trying substrings of the lookup key
+(such as a subdomain name, or a network address subnetwork).
+.sp
+This feature is available in Postfix 2.0 and later.
+.IP "\fBFILTER \fItransport:destination\fR"
+After the message is queued, send the entire message through
+the specified external content filter. The \fItransport\fR
+name specifies the first field of a mail delivery agent
+definition in master.cf; the syntax of the next\-hop
+\fIdestination\fR is described in the manual page of the
+corresponding delivery agent. More information about
+external content filters is in the Postfix FILTER_README
+file.
+.sp
+Note 1: do not use $\fInumber\fR regular expression
+substitutions for \fItransport\fR or \fIdestination\fR
+unless you know that the information has a trusted origin.
+.sp
+Note 2: this action overrides the main.cf \fBcontent_filter\fR
+setting, and affects all recipients of the message. In the
+case that multiple \fBFILTER\fR actions fire, only the last
+one is executed.
+.sp
+Note 3: the purpose of the FILTER command is to override
+message routing. To override the recipient's \fItransport\fR
+but not the next\-hop \fIdestination\fR, specify an empty
+filter \fIdestination\fR (Postfix 2.7 and later), or specify
+a \fItransport:destination\fR that delivers through a
+different Postfix instance (Postfix 2.6 and earlier). Other
+options are using the recipient\-dependent \fBtrans\%port\%_maps\fR
+or the sen\%der\-dependent
+\fBsender\%_de\%pen\%dent\%_de\%fault\%_trans\%port\%_maps\fR
+features.
+.sp
+This feature is available in Postfix 2.0 and later.
+.IP "\fBHOLD \fIoptional text...\fR"
+Place the message on the \fBhold\fR queue, where it will
+sit until someone either deletes it or releases it for
+delivery.
+Log the optional text if specified, otherwise log a generic
+message.
+
+Mail that is placed on hold can be examined with the
+\fBpostcat\fR(1) command, and can be destroyed or released with
+the \fBpostsuper\fR(1) command.
+.sp
+Note: use "\fBpostsuper \-r\fR" to release mail that was kept on
+hold for a significant fraction of \fB$maximal_queue_lifetime\fR
+or \fB$bounce_queue_lifetime\fR, or longer. Use "\fBpostsuper \-H\fR"
+only for mail that will not expire within a few delivery attempts.
+.sp
+Note: this action currently affects all recipients of the message.
+.sp
+This feature is available in Postfix 2.0 and later.
+.IP "\fBPREPEND \fIheadername: headervalue\fR"
+Prepend the specified message header to the message.
+When more than one PREPEND action executes, the first
+prepended header appears before the second etc. prepended
+header.
+.sp
+Note: this action must execute before the message content
+is received; it cannot execute in the context of
+\fBsmtpd_end_of_data_restrictions\fR.
+.sp
+This feature is available in Postfix 2.1 and later.
+.IP "\fBREDIRECT \fIuser@domain\fR"
+After the message is queued, send the message to the specified
+address instead of the intended recipient(s). When multiple
+\fBREDIRECT\fR actions fire, only the last one takes effect.
+.sp
+Note: this action overrides the FILTER action, and currently
+overrides all recipients of the message.
+.sp
+This feature is available in Postfix 2.1 and later.
+.IP "\fBINFO \fIoptional text...\fR
+Log an informational record with the optional text, together
+with client information and if available, with helo, sender,
+recipient and protocol information.
+.sp
+This feature is available in Postfix 3.0 and later.
+.IP "\fBWARN \fIoptional text...\fR
+Log a warning with the optional text, together with client information
+and if available, with helo, sender, recipient and protocol information.
+.sp
+This feature is available in Postfix 2.1 and later.
+.SH "ENHANCED STATUS CODES"
+.na
+.nf
+.ad
+.fi
+Postfix version 2.3 and later support enhanced status codes
+as defined in RFC 3463.
+When an enhanced status code is specified in an access
+table, it is subject to modification. The following
+transformations are needed when the same access table is
+used for client, helo, sender, or recipient access restrictions;
+they happen regardless of whether Postfix replies to a MAIL
+FROM, RCPT TO or other SMTP command.
+.IP \(bu
+When a sender address matches a REJECT action, the Postfix
+SMTP server will transform a recipient DSN status (e.g.,
+4.1.1\-4.1.6) into the corresponding sender DSN status, and
+vice versa.
+.IP \(bu
+When non\-address information matches a REJECT action (such
+as the HELO command argument or the client hostname/address),
+the Postfix SMTP server will transform a sender or recipient
+DSN status into a generic non\-address DSN status (e.g.,
+4.0.0).
+.SH "REGULAR EXPRESSION TABLES"
+.na
+.nf
+.ad
+.fi
+This section describes how the table lookups change when the table
+is given in the form of regular expressions. For a description of
+regular expression lookup table syntax, see \fBregexp_table\fR(5)
+or \fBpcre_table\fR(5).
+
+Each pattern is a regular expression that is applied to the entire
+string being looked up. Depending on the application, that string
+is an entire client hostname, an entire client IP address, or an
+entire mail address. Thus, no parent domain or parent network search
+is done, \fIuser@domain\fR mail addresses are not broken up into
+their \fIuser@\fR and \fIdomain\fR constituent parts, nor is
+\fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR.
+
+Patterns are applied in the order as specified in the table, until a
+pattern is found that matches the search string.
+
+Actions are the same as with indexed file lookups, with
+the additional feature that parenthesized substrings from the
+pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
+.SH "TCP-BASED TABLES"
+.na
+.nf
+.ad
+.fi
+This section describes how the table lookups change when lookups
+are directed to a TCP\-based server. For a description of the TCP
+client/server lookup protocol, see \fBtcp_table\fR(5).
+This feature is not available up to and including Postfix version 2.4.
+
+Each lookup operation uses the entire query string once.
+Depending on the application, that string is an entire client
+hostname, an entire client IP address, or an entire mail address.
+Thus, no parent domain or parent network search is done,
+\fIuser@domain\fR mail addresses are not broken up into
+their \fIuser@\fR and \fIdomain\fR constituent parts, nor is
+\fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR.
+
+Actions are the same as with indexed file lookups.
+.SH "EXAMPLE"
+.na
+.nf
+.ad
+.fi
+The following example uses an indexed file, so that the
+order of table entries does not matter. The example permits
+access by the client at address 1.2.3.4 but rejects all
+other clients in 1.2.3.0/24. Instead of \fBhash\fR lookup
+tables, some systems use \fBdbm\fR. Use the command
+"\fBpostconf \-m\fR" to find out what lookup tables Postfix
+supports on your system.
+
+.nf
+.na
+/etc/postfix/main.cf:
+ smtpd_client_restrictions =
+ check_client_access hash:/etc/postfix/access
+
+/etc/postfix/access:
+ 1.2.3 REJECT
+ 1.2.3.4 OK
+.fi
+.ad
+
+Execute the command "\fBpostmap /etc/postfix/access\fR" after
+editing the file.
+.SH BUGS
+.ad
+.fi
+The table format does not understand quoting conventions.
+.SH "SEE ALSO"
+.na
+.nf
+postmap(1), Postfix lookup table manager
+smtpd(8), SMTP server
+postconf(5), configuration parameters
+transport(5), transport:nexthop syntax
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+SMTPD_ACCESS_README, built\-in SMTP server access control
+DATABASE_README, Postfix lookup table overview
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man5/aliases.5 b/man/man5/aliases.5
new file mode 100644
index 0000000..a5da906
--- /dev/null
+++ b/man/man5/aliases.5
@@ -0,0 +1,233 @@
+.TH ALIASES 5
+.ad
+.fi
+.SH NAME
+aliases
+\-
+Postfix local alias database format
+.SH "SYNOPSIS"
+.na
+.nf
+.fi
+\fBnewaliases\fR
+.SH DESCRIPTION
+.ad
+.fi
+The \fBaliases\fR(5) table provides a system\-wide mechanism to
+redirect mail for local recipients. The redirections are
+processed by the Postfix \fBlocal\fR(8) delivery agent.
+
+Normally, the \fBaliases\fR(5) table is specified as a text file
+that serves as input to the \fBpostalias\fR(1) command. The
+result, an indexed file in \fBdbm\fR or \fBdb\fR format, is
+used for fast lookup by the mail system. Execute the command
+\fBnewaliases\fR in order to rebuild the indexed file after
+changing the Postfix alias database.
+
+When the table is provided via other means such as NIS, LDAP
+or SQL, the same lookups are done as for ordinary indexed files.
+
+Alternatively, the table can be provided as a regular\-expression
+map where patterns are given as regular expressions. In
+this case, the lookups are done in a slightly different way
+as described below under "REGULAR EXPRESSION TABLES".
+
+Users can control delivery of their own mail by setting
+up \fB.forward\fR files in their home directory.
+Lines in per\-user \fB.forward\fR files have the same syntax
+as the right\-hand side of \fBaliases\fR(5) entries.
+
+The format of the alias database input file is as follows:
+.IP \(bu
+An alias definition has the form
+.sp
+.nf
+ \fIname\fR: \fIvalue1\fR, \fIvalue2\fR, \fI...\fR
+.fi
+.IP \(bu
+Empty lines and whitespace\-only lines are ignored, as
+are lines whose first non\-whitespace character is a `#'.
+.IP \(bu
+A logical line starts with non\-whitespace text. A line that
+starts with whitespace continues a logical line.
+.PP
+The \fIname\fR is a local address (no domain part).
+Use double quotes when the name contains any special characters
+such as whitespace, `#', `:', or `@'. The \fIname\fR is folded to
+lowercase, in order to make database lookups case insensitive.
+.PP
+In addition, when an alias exists for \fBowner\-\fIname\fR,
+this will override the envelope sender address, so that
+delivery diagnostics are directed to \fBowner\-\fIname\fR,
+instead of the originator of the message (for details, see
+\fBowner_request_special\fR, \fBexpand_owner_alias\fR and
+\fBreset_owner_alias\fR).
+This is typically used to direct delivery errors to the maintainer of
+a mailing list, who is in a better position to deal with mailing
+list delivery problems than the originator of the undelivered mail.
+.PP
+The \fIvalue\fR contains one or more of the following:
+.IP \fIaddress\fR
+Mail is forwarded to \fIaddress\fR, which is compatible
+with the RFC 822 standard.
+.IP \fI/file/name\fR
+Mail is appended to \fI/file/name\fR. For details on how a
+file is written see the sections "EXTERNAL FILE DELIVERY"
+and "DELIVERY RIGHTS" in the \fBlocal\fR(8) documentation.
+Delivery is not limited to regular files. For example, to dispose
+of unwanted mail, deflect it to \fB/dev/null\fR.
+.IP "|\fIcommand\fR"
+Mail is piped into \fIcommand\fR. Commands that contain
+special characters, such as whitespace, should be enclosed
+between double quotes. For details on how a command is
+executed see "EXTERNAL COMMAND DELIVERY" and "DELIVERY
+RIGHTS" in the \fBlocal\fR(8) documentation.
+.sp
+When the command fails, a limited amount of command output is
+mailed back to the sender. The file \fB/usr/include/sysexits.h\fR
+defines the expected exit status codes. For example, use
+\fB"|exit 67"\fR to simulate a "user unknown" error, and
+\fB"|exit 0"\fR to implement an expensive black hole.
+.IP \fB:include:\fI/file/name\fR
+Mail is sent to the destinations listed in the named file.
+Lines in \fB:include:\fR files have the same syntax
+as the right\-hand side of alias entries.
+.sp
+A destination can be any destination that is described in this
+manual page. However, delivery to "|\fIcommand\fR" and
+\fI/file/name\fR is disallowed by default. To enable, edit the
+\fBallow_mail_to_commands\fR and \fBallow_mail_to_files\fR
+configuration parameters.
+.SH "ADDRESS EXTENSION"
+.na
+.nf
+.ad
+.fi
+When alias database search fails, and the recipient localpart
+contains the optional recipient delimiter (e.g., \fIuser+foo\fR),
+the search is repeated for the unextended address (e.g., \fIuser\fR).
+
+The \fBpropagate_unmatched_extensions\fR parameter controls
+whether an unmatched address extension (\fI+foo\fR) is
+propagated to the result of table lookup.
+.SH "CASE FOLDING"
+.na
+.nf
+.ad
+.fi
+The local(8) delivery agent always folds the search string
+to lowercase before database lookup.
+.SH "REGULAR EXPRESSION TABLES"
+.na
+.nf
+.ad
+.fi
+This section describes how the table lookups change when the table
+is given in the form of regular expressions. For a description of
+regular expression lookup table syntax, see \fBregexp_table\fR(5)
+or \fBpcre_table\fR(5). NOTE: these formats do not use ":" at the
+end of a pattern.
+
+Each regular expression is applied to the entire search
+string. Thus, a search string \fIuser+foo\fR is not broken
+up into \fIuser\fR and \fIfoo\fR.
+
+Regular expressions are applied in the order as specified
+in the table, until a regular expression is found that
+matches the search string.
+
+Lookup results are the same as with indexed file lookups.
+For security reasons there is no support for \fB$1\fR,
+\fB$2\fR etc. substring interpolation.
+.SH "SECURITY"
+.na
+.nf
+.ad
+.fi
+The \fBlocal\fR(8) delivery agent disallows regular expression
+substitution of $1 etc. in \fBalias_maps\fR, because that
+would open a security hole.
+
+The \fBlocal\fR(8) delivery agent will silently ignore
+requests to use the \fBproxymap\fR(8) server within
+\fBalias_maps\fR. Instead it will open the table directly.
+Before Postfix version 2.2, the \fBlocal\fR(8) delivery
+agent will terminate with a fatal error.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+The following \fBmain.cf\fR parameters are especially relevant.
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.IP "\fBalias_database (see 'postconf -d' output)\fR"
+The alias databases for \fBlocal\fR(8) delivery that are updated with
+"\fBnewaliases\fR" or with "\fBsendmail \-bi\fR".
+.IP "\fBalias_maps (see 'postconf -d' output)\fR"
+The alias databases that are used for \fBlocal\fR(8) delivery.
+.IP "\fBallow_mail_to_commands (alias, forward)\fR"
+Restrict \fBlocal\fR(8) mail delivery to external commands.
+.IP "\fBallow_mail_to_files (alias, forward)\fR"
+Restrict \fBlocal\fR(8) mail delivery to external files.
+.IP "\fBexpand_owner_alias (no)\fR"
+When delivering to an alias "\fIaliasname\fR" that has an
+"owner\-\fIaliasname\fR" companion alias, set the envelope sender
+address to the expansion of the "owner\-\fIaliasname\fR" alias.
+.IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR"
+What address lookup tables copy an address extension from the lookup
+key to the lookup result.
+.IP "\fBowner_request_special (yes)\fR"
+Enable special treatment for owner\-\fIlistname\fR entries in the
+\fBaliases\fR(5) file, and don't split owner\-\fIlistname\fR and
+\fIlistname\fR\-request address localparts when the recipient_delimiter
+is set to "\-".
+.IP "\fBrecipient_delimiter (empty)\fR"
+The set of characters that can separate an email address
+localpart, user name, or a .forward file name from its extension.
+.PP
+Available in Postfix version 2.3 and later:
+.IP "\fBfrozen_delivered_to (yes)\fR"
+Update the \fBlocal\fR(8) delivery agent's idea of the Delivered\-To:
+address (see prepend_delivered_header) only once, at the start of
+a delivery attempt; do not update the Delivered\-To: address while
+expanding aliases or .forward files.
+.SH "STANDARDS"
+.na
+.nf
+RFC 822 (ARPA Internet Text Messages)
+.SH "SEE ALSO"
+.na
+.nf
+local(8), local delivery agent
+newaliases(1), create/update alias database
+postalias(1), create/update alias database
+postconf(5), configuration parameters
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+DATABASE_README, Postfix lookup table overview
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man5/body_checks.5 b/man/man5/body_checks.5
new file mode 100644
index 0000000..d7c939e
--- /dev/null
+++ b/man/man5/body_checks.5
@@ -0,0 +1 @@
+.so man5/header_checks.5
diff --git a/man/man5/bounce.5 b/man/man5/bounce.5
new file mode 100644
index 0000000..7c7c8a1
--- /dev/null
+++ b/man/man5/bounce.5
@@ -0,0 +1,235 @@
+.TH BOUNCE 5
+.ad
+.fi
+.SH NAME
+bounce
+\-
+Postfix bounce message template format
+.SH "SYNOPSIS"
+.na
+.nf
+\fBbounce_template_file = /etc/postfix/bounce.cf\fR
+
+\fBpostconf \-b\fR [\fItemplate_file\fR]
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix \fBbounce\fR(8) server produces delivery status
+notification (DSN) messages for undeliverable mail, delayed
+mail, successful delivery or address verification requests.
+
+By default, these notifications are generated from built\-in
+templates with message headers and message text. Sites can
+override the built\-in information by specifying a bounce
+template file with the \fBbounce_template_file\fR configuration
+parameter.
+
+This document describes the general procedure to create a
+bounce template file, followed by the specific details of
+bounce template formats.
+.SH "GENERAL PROCEDURE"
+.na
+.nf
+.ad
+.fi
+To create a customized bounce template file, create a
+temporary
+copy of the file \fB/etc/postfix/bounce.cf.default\fR and
+edit the temporary file.
+
+To preview the results of $\fIname\fR expansions in the
+template text, use the command
+
+.nf
+ \fBpostconf \-b\fR \fItemporary_file\fR
+.fi
+
+Errors in the template will be reported to the standard
+error stream and to the syslog daemon.
+
+While previewing the text, be sure to pay particular attention
+to the expansion of time value parameters that appear in
+the delayed mail notification text.
+
+Once the result is satisfactory, copy the template to the
+Postfix configuration directory and specify in main.cf
+something like:
+
+.nf
+/etc/postfix/main.cf:
+ bounce_template_file = /etc/postfix/bounce.cf
+.fi
+.SH "TEMPLATE FILE FORMAT"
+.na
+.nf
+.ad
+.fi
+The template file can specify templates for failed mail,
+delayed mail, successful delivery or for address verification.
+These templates are named \fBfailure_template\fR,
+\fBdelay_template\fR, \fBsuccess_template\fR and
+\fBverify_template\fR, respectively. You can but do not
+have to specify all four templates in a bounce template
+file.
+
+Each template starts with "\fItemplate_name\fB = <<EOF\fR"
+and ends with a line that contains the word "\fBEOF\fR"
+only. You can change the word EOF, but you can't enclose
+it in quotes as with the shell or with Perl (\fItemplate_name\fB
+= <<'EOF'\fR). Here is an example:
+
+.nf
+ # The failure template is used for undeliverable mail.
+
+ failure_template = <<EOF
+ Charset: us\-ascii
+ From: MAILER\-DAEMON (Mail Delivery System)
+ Subject: Undelivered Mail Returned to Sender
+ Postmaster\-Subject: Postmaster Copy: Undelivered Mail
+
+ This is the mail system at host $myhostname.
+
+ I'm sorry to have to inform you that your message could not
+ be delivered to one or more recipients. It's attached below.
+
+ For further assistance, please send mail to postmaster.
+
+ If you do so, please include this problem report. You can
+ delete your own text from the attached returned message.
+
+ The mail system
+ EOF
+.fi
+.PP
+The usage and specification of bounce templates is
+subject to the following restrictions:
+.IP \(bu
+No special meaning is given to the backslash character or
+to leading whitespace; these are always taken literally.
+.IP \(bu
+Inside the << context, the "$" character is special. To
+produce a "$" character as output, specify "$$".
+.IP \(bu
+Outside the << context, lines beginning with "#" are ignored,
+as are empty lines, and lines consisting of whitespace only.
+.PP
+Examples of all templates can be found in the file
+\fBbounce.cf.default\fR in the Postfix configuration
+directory.
+.SH "TEMPLATE HEADER FORMAT"
+.na
+.nf
+.ad
+.fi
+The first portion of a bounce template consists of optional
+template headers. Some become message headers in the
+delivery status notification; some control the formatting
+of that notification. Headers not specified in a template
+will be left at their default value.
+
+The following headers are supported:
+.IP \fBCharset:\fR
+The MIME character set of the template message text. See
+the "TEMPLATE MESSAGE TEXT FORMAT" description below.
+.IP \fBFrom:\fR
+The sender address in the message header of the delivery
+status notification.
+.IP \fBSubject:\fR
+The subject in the message header of the delivery status
+notification that is returned to the sender.
+.IP \fBPostmaster\-Subject:\fR
+The subject that will be used in Postmaster copies of
+undeliverable or delayed mail notifications. These copies
+are sent under control of the notify_classes configuration
+parameter.
+.PP
+The usage and specification of template message headers is
+subject to the following restrictions:
+.IP \(bu
+Template message header names can be specified in upper
+case, lower case or mixed case. Postfix always produces
+bounce message header labels of the form "\fBFrom:\fR" and
+"\fBSubject:\fR".
+.IP \(bu
+Template message headers must not span multiple lines.
+.IP \(bu
+Template message headers do not support $parameter expansions.
+.IP \(bu
+Template message headers must contain ASCII characters only,
+and must not contain ASCII null characters.
+.SH "TEMPLATE MESSAGE TEXT FORMAT"
+.na
+.nf
+.ad
+.fi
+The second portion of a bounce template consists of message
+text. As the above example shows, template message text may
+contain main.cf $parameters. Besides the parameters that are
+defined in main.cf, the following parameters are treated
+specially depending on the suffix that is appended to their
+name.
+.IP \fBdelay_warning_time_\fIsuffix\fR
+Expands into the value of the \fBdelay_warning_time\fR
+parameter, expressed in the time unit specified by
+\fIsuffix\fR, which is one of \fBseconds\fR, \fBminutes\fR,
+\fBhours\fB, \fBdays\fR, or \fBweeks\fR.
+.IP \fBmaximal_queue_lifetime_\fIsuffix\fR
+Expands into the value of the \fBmaximal_queue_lifetime\fR
+parameter, expressed in the time unit specified by
+\fIsuffix\fR. See above under \fBdelay_warning_time\fR for
+possible \fIsuffix\fR values.
+.IP \fBmydomain\fR
+Expands into the value of the \fBmydomain\fR parameter.
+With "smtputf8_enable = yes", this replaces ACE labels
+(xn\-\-mumble) with their UTF\-8 equivalent.
+.sp
+This feature is available in Postfix 3.0.
+.IP \fBmyhostname\fR
+Expands into the value of the \fBmyhostname\fR parameter.
+With "smtputf8_enable = yes", this replaces ACE labels
+(xn\-\-mumble) with their UTF\-8 equivalent.
+.sp
+This feature is available in Postfix 3.0.
+.PP
+The usage and specification of template message text is
+subject to the following restrictions:
+.IP \(bu
+The template message text is not sent in Postmaster copies
+of delivery status notifications.
+.IP \(bu
+If the template message text contains non\-ASCII characters,
+Postfix requires that the \fBCharset:\fR template header
+is updated. Specify an appropriate superset of US\-ASCII.
+A superset is needed because Postfix appends ASCII text
+after the message template when it sends a delivery status
+notification.
+.SH "SEE ALSO"
+.na
+.nf
+bounce(8), Postfix delivery status notifications
+postconf(5), configuration parameters
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+.ad
+.fi
+The Postfix bounce template format was originally developed by
+Nicolas Riendeau.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man5/canonical.5 b/man/man5/canonical.5
new file mode 100644
index 0000000..e987664
--- /dev/null
+++ b/man/man5/canonical.5
@@ -0,0 +1,304 @@
+.TH CANONICAL 5
+.ad
+.fi
+.SH NAME
+canonical
+\-
+Postfix canonical table format
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostmap /etc/postfix/canonical\fR
+
+\fBpostmap \-q "\fIstring\fB" /etc/postfix/canonical\fR
+
+\fBpostmap \-q \- /etc/postfix/canonical <\fIinputfile\fR
+.SH DESCRIPTION
+.ad
+.fi
+The optional \fBcanonical\fR(5) table specifies an address mapping for
+local and non\-local addresses. The mapping is used by the
+\fBcleanup\fR(8) daemon, before mail is stored into the
+queue. The address mapping is recursive.
+
+Normally, the \fBcanonical\fR(5) table is specified as a text file
+that serves as input to the \fBpostmap\fR(1) command.
+The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
+is used for fast searching by the mail system. Execute the command
+"\fBpostmap /etc/postfix/canonical\fR" to rebuild an indexed
+file after changing the corresponding text file.
+
+When the table is provided via other means such as NIS, LDAP
+or SQL, the same lookups are done as for ordinary indexed files.
+
+Alternatively, the table can be provided as a regular\-expression
+map where patterns are given as regular expressions, or lookups
+can be directed to a TCP\-based server. In those cases, the lookups
+are done in a slightly different way as described below under
+"REGULAR EXPRESSION TABLES" or "TCP\-BASED TABLES".
+
+By default the \fBcanonical\fR(5) mapping affects both message
+header addresses (i.e. addresses that appear inside messages)
+and message envelope addresses (for example, the addresses
+that are used in SMTP protocol commands). This is controlled with
+the \fBcanonical_classes\fR parameter.
+
+NOTE: Postfix versions 2.2 and later rewrite message headers
+from remote SMTP clients only if the client matches the
+local_header_rewrite_clients parameter, or if the
+remote_header_rewrite_domain configuration parameter specifies
+a non\-empty value. To get the behavior before Postfix 2.2,
+specify "local_header_rewrite_clients = static:all".
+
+Typically, one would use the \fBcanonical\fR(5) table to replace login
+names by \fIFirstname.Lastname\fR, or to clean up addresses produced
+by legacy mail systems.
+
+The \fBcanonical\fR(5) mapping is not to be confused with \fIvirtual
+alias\fR support or with local aliasing. To change the destination
+but not the headers, use the \fBvirtual\fR(5) or \fBaliases\fR(5)
+map instead.
+.SH "CASE FOLDING"
+.na
+.nf
+.ad
+.fi
+The search string is folded to lowercase before database
+lookup. As of Postfix 2.3, the search string is not case
+folded with database types such as regexp: or pcre: whose
+lookup fields can match both upper and lower case.
+.SH "TABLE FORMAT"
+.na
+.nf
+.ad
+.fi
+The input format for the \fBpostmap\fR(1) command is as follows:
+.IP "\fIpattern address\fR"
+When \fIpattern\fR matches a mail address, replace it by the
+corresponding \fIaddress\fR.
+.IP "blank lines and comments"
+Empty lines and whitespace\-only lines are ignored, as
+are lines whose first non\-whitespace character is a `#'.
+.IP "multi\-line text"
+A logical line starts with non\-whitespace text. A line that
+starts with whitespace continues a logical line.
+.SH "TABLE SEARCH ORDER"
+.na
+.nf
+.ad
+.fi
+With lookups from indexed files such as DB or DBM, or from networked
+tables such as NIS, LDAP or SQL, each \fIuser\fR@\fIdomain\fR
+query produces a sequence of query patterns as described below.
+
+Each query pattern is sent to each specified lookup table
+before trying the next query pattern, until a match is
+found.
+.IP "\fIuser\fR@\fIdomain address\fR"
+Replace \fIuser\fR@\fIdomain\fR by \fIaddress\fR. This form
+has the highest precedence.
+.sp
+This is useful to clean up addresses produced by legacy mail systems.
+It can also be used to produce \fIFirstname.Lastname\fR style
+addresses, but see below for a simpler solution.
+.IP "\fIuser address\fR"
+Replace \fIuser\fR@\fIsite\fR by \fIaddress\fR when \fIsite\fR is
+equal to $\fBmyorigin\fR, when \fIsite\fR is listed in
+$\fBmydestination\fR, or when it is listed in $\fBinet_interfaces\fR
+or $\fBproxy_interfaces\fR.
+.sp
+This form is useful for replacing login names by
+\fIFirstname.Lastname\fR.
+.IP "@\fIdomain address\fR"
+Replace other addresses in \fIdomain\fR by \fIaddress\fR.
+This form has the lowest precedence.
+.sp
+Note: @\fIdomain\fR is a wild\-card. When this form is applied
+to recipient addresses, the Postfix SMTP server accepts
+mail for any recipient in \fIdomain\fR, regardless of whether
+that recipient exists. This may turn your mail system into
+a backscatter source: Postfix first accepts mail for
+non\-existent recipients and then tries to return that mail
+as "undeliverable" to the often forged sender address.
+.sp
+To avoid backscatter with mail for a wild\-card domain,
+replace the wild\-card mapping with explicit 1:1 mappings,
+or add a reject_unverified_recipient restriction for that
+domain:
+
+.nf
+ smtpd_recipient_restrictions =
+ ...
+ reject_unauth_destination
+ check_recipient_access
+ inline:{example.com=reject_unverified_recipient}
+ unverified_recipient_reject_code = 550
+.fi
+
+In the above example, Postfix may contact a remote server
+if the recipient is rewritten to a remote address.
+.SH "RESULT ADDRESS REWRITING"
+.na
+.nf
+.ad
+.fi
+The lookup result is subject to address rewriting:
+.IP \(bu
+When the result has the form @\fIotherdomain\fR, the
+result becomes the same \fIuser\fR in \fIotherdomain\fR.
+.IP \(bu
+When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR"
+to addresses without "@domain".
+.IP \(bu
+When "\fBappend_dot_mydomain=yes\fR", append
+"\fB.$mydomain\fR" to addresses without ".domain".
+.SH "ADDRESS EXTENSION"
+.na
+.nf
+.fi
+.ad
+When a mail address localpart contains the optional recipient delimiter
+(e.g., \fIuser+foo\fR@\fIdomain\fR), the lookup order becomes:
+\fIuser+foo\fR@\fIdomain\fR, \fIuser\fR@\fIdomain\fR, \fIuser+foo\fR,
+\fIuser\fR, and @\fIdomain\fR.
+
+The \fBpropagate_unmatched_extensions\fR parameter controls whether
+an unmatched address extension (\fI+foo\fR) is propagated to the
+result of table lookup.
+.SH "REGULAR EXPRESSION TABLES"
+.na
+.nf
+.ad
+.fi
+This section describes how the table lookups change when the table
+is given in the form of regular expressions. For a description of
+regular expression lookup table syntax, see \fBregexp_table\fR(5)
+or \fBpcre_table\fR(5).
+
+Each pattern is a regular expression that is applied to the entire
+address being looked up. Thus, \fIuser@domain\fR mail addresses are not
+broken up into their \fIuser\fR and \fI@domain\fR constituent parts,
+nor is \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR.
+
+Patterns are applied in the order as specified in the table, until a
+pattern is found that matches the search string.
+
+Results are the same as with indexed file lookups, with
+the additional feature that parenthesized substrings from the
+pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
+.SH "TCP-BASED TABLES"
+.na
+.nf
+.ad
+.fi
+This section describes how the table lookups change when lookups
+are directed to a TCP\-based server. For a description of the TCP
+client/server lookup protocol, see \fBtcp_table\fR(5).
+This feature is not available up to and including Postfix version 2.4.
+
+Each lookup operation uses the entire address once. Thus,
+\fIuser@domain\fR mail addresses are not broken up into their
+\fIuser\fR and \fI@domain\fR constituent parts, nor is
+\fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR.
+
+Results are the same as with indexed file lookups.
+.SH BUGS
+.ad
+.fi
+The table format does not understand quoting conventions.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+The following \fBmain.cf\fR parameters are especially relevant.
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.IP "\fBcanonical_classes (envelope_sender, envelope_recipient, header_sender, header_recipient)\fR"
+What addresses are subject to canonical_maps address mapping.
+.IP "\fBcanonical_maps (empty)\fR"
+Optional address mapping lookup tables for message headers and
+envelopes.
+.IP "\fBrecipient_canonical_maps (empty)\fR"
+Optional address mapping lookup tables for envelope and header
+recipient addresses.
+.IP "\fBsender_canonical_maps (empty)\fR"
+Optional address mapping lookup tables for envelope and header
+sender addresses.
+.IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR"
+What address lookup tables copy an address extension from the lookup
+key to the lookup result.
+.PP
+Other parameters of interest:
+.IP "\fBinet_interfaces (all)\fR"
+The network interface addresses that this mail system receives
+mail on.
+.IP "\fBlocal_header_rewrite_clients (permit_inet_interfaces)\fR"
+Rewrite message header addresses in mail from these clients and
+update incomplete addresses with the domain name in $myorigin or
+$mydomain; either don't rewrite message headers from other clients
+at all, or rewrite message headers and update incomplete addresses
+with the domain specified in the remote_header_rewrite_domain
+parameter.
+.IP "\fBproxy_interfaces (empty)\fR"
+The network interface addresses that this mail system receives mail
+on by way of a proxy or network address translation unit.
+.IP "\fBmasquerade_classes (envelope_sender, header_sender, header_recipient)\fR"
+What addresses are subject to address masquerading.
+.IP "\fBmasquerade_domains (empty)\fR"
+Optional list of domains whose subdomain structure will be stripped
+off in email addresses.
+.IP "\fBmasquerade_exceptions (empty)\fR"
+Optional list of user names that are not subjected to address
+masquerading, even when their addresses match $masquerade_domains.
+.IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR"
+The list of domains that are delivered via the $local_transport
+mail delivery transport.
+.IP "\fBmyorigin ($myhostname)\fR"
+The domain name that locally\-posted mail appears to come
+from, and that locally posted mail is delivered to.
+.IP "\fBowner_request_special (yes)\fR"
+Enable special treatment for owner\-\fIlistname\fR entries in the
+\fBaliases\fR(5) file, and don't split owner\-\fIlistname\fR and
+\fIlistname\fR\-request address localparts when the recipient_delimiter
+is set to "\-".
+.IP "\fBremote_header_rewrite_domain (empty)\fR"
+Don't rewrite message headers from remote clients at all when
+this parameter is empty; otherwise, rewrite message headers and
+append the specified domain name to incomplete addresses.
+.SH "SEE ALSO"
+.na
+.nf
+cleanup(8), canonicalize and enqueue mail
+postmap(1), Postfix lookup table manager
+postconf(5), configuration parameters
+virtual(5), virtual aliasing
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+DATABASE_README, Postfix lookup table overview
+ADDRESS_REWRITING_README, address rewriting guide
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man5/cidr_table.5 b/man/man5/cidr_table.5
new file mode 100644
index 0000000..6722123
--- /dev/null
+++ b/man/man5/cidr_table.5
@@ -0,0 +1,199 @@
+.TH CIDR_TABLE 5
+.ad
+.fi
+.SH NAME
+cidr_table
+\-
+format of Postfix CIDR tables
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostmap \-q "\fIstring\fB" cidr:/etc/postfix/\fIfilename\fR
+
+\fBpostmap \-q \- cidr:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix mail system uses optional lookup tables.
+These tables are usually in \fBdbm\fR or \fBdb\fR format.
+Alternatively, lookup tables can be specified in CIDR
+(Classless Inter\-Domain Routing) form. In this case, each
+input is compared against a list of patterns. When a match
+is found, the corresponding result is returned and the search
+is terminated.
+
+To find out what types of lookup tables your Postfix system
+supports use the "\fBpostconf \-m\fR" command.
+
+To test lookup tables, use the "\fBpostmap \-q\fR" command as
+described in the SYNOPSIS above.
+.SH "TABLE FORMAT"
+.na
+.nf
+.ad
+.fi
+The general form of a Postfix CIDR table is:
+.IP "\fIpattern result\fR"
+When a search string matches the specified \fIpattern\fR, use
+the corresponding \fIresult\fR value. The \fIpattern\fR must be
+in \fInetwork/prefix\fR or \fInetwork_address\fR form (see
+ADDRESS PATTERN SYNTAX below).
+.IP "\fB!\fIpattern result\fR"
+When a search string does not match the specified \fIpattern\fR,
+use the specified \fIresult\fR value. The \fIpattern\fR must
+be in \fInetwork/prefix\fR or \fInetwork_address\fR form (see
+ADDRESS PATTERN SYNTAX below).
+.sp
+This feature is available in Postfix 3.2 and later.
+.IP "\fBif \fIpattern\fR"
+.IP "\fBendif\fR"
+When a search string matches the specified \fIpattern\fR, match
+that search string against the patterns between \fBif\fR and
+\fBendif\fR. The \fIpattern\fR must be in \fInetwork/prefix\fR or
+\fInetwork_address\fR form (see ADDRESS PATTERN SYNTAX below). The
+\fBif\fR..\fBendif\fR can nest.
+.sp
+Note: do not prepend whitespace to text between
+\fBif\fR..\fBendif\fR.
+.sp
+This feature is available in Postfix 3.2 and later.
+.IP "\fBif !\fIpattern\fR"
+.IP "\fBendif\fR"
+When a search string does not match the specified \fIpattern\fR,
+match that search string against the patterns between \fBif\fR and
+\fBendif\fR. The \fIpattern\fR must be in \fInetwork/prefix\fR or
+\fInetwork_address\fR form (see ADDRESS PATTERN SYNTAX below). The
+\fBif\fR..\fBendif\fR can nest.
+.sp
+Note: do not prepend whitespace to text between
+\fBif\fR..\fBendif\fR.
+.sp
+This feature is available in Postfix 3.2 and later.
+.IP "blank lines and comments"
+Empty lines and whitespace\-only lines are ignored, as
+are lines whose first non\-whitespace character is a `#'.
+.IP "multi\-line text"
+A logical line starts with non\-whitespace text. A line that
+starts with whitespace continues a logical line.
+.SH "TABLE SEARCH ORDER"
+.na
+.nf
+.ad
+.fi
+Patterns are applied in the order as specified in the table, until a
+pattern is found that matches the search string.
+.SH "ADDRESS PATTERN SYNTAX"
+.na
+.nf
+.ad
+.fi
+Postfix CIDR tables are pattern\-based. A pattern is either
+a \fInetwork_address\fR which requires an exact match, or a
+\fInetwork_address/prefix_length\fR where the \fIprefix_length\fR
+part specifies the length of the \fInetwork_address\fR prefix
+that must be matched (the other bits in the \fInetwork_address\fR
+part must be zero).
+
+An IPv4 network address is a sequence of four decimal octets
+separated by ".", and an IPv6 network address is a sequence
+of three to eight hexadecimal octet pairs separated by ":"
+or "::", where the latter is short\-hand for a sequence of
+one or more all\-zero octet pairs. The pattern 0.0.0.0/0
+matches every IPv4 address, and ::/0 matches every IPv6
+address. IPv6 support is available in Postfix 2.2 and
+later.
+
+Before comparisons are made, lookup keys and table entries
+are converted from string to binary. Therefore, IPv6 patterns
+will be matched regardless of leading zeros (a leading zero in
+an IPv4 address octet indicates octal notation).
+
+Note: address information may be enclosed inside "[]" but
+this form is not required.
+.SH "INLINE SPECIFICATION"
+.na
+.nf
+.ad
+.fi
+The contents of a table may be specified in the table name
+(Postfix 3.7 and later).
+The basic syntax is:
+
+.nf
+main.cf:
+ \fIparameter\fR \fB= .. cidr:{ { \fIrule\-1\fB }, { \fIrule\-2\fB } .. } ..\fR
+
+master.cf:
+ \fB.. \-o { \fIparameter\fR \fB= .. cidr:{ { \fIrule\-1\fB }, { \fIrule\-2\fB } .. } .. } ..\fR
+.fi
+
+Postfix ignores whitespace after '{' and before '}', and
+writes each \fIrule\fR as one text line to an in\-memory
+file:
+
+.nf
+in\-memory file:
+ rule\-1
+ rule\-2
+ ..
+.fi
+
+Postfix parses the result as if it is a file in /etc/postfix.
+
+Note: if a rule contains \fB$\fR, specify \fB$$\fR to keep
+Postfix from trying to do \fI$name\fR expansion as it
+evaluates a parameter value.
+.SH "EXAMPLE SMTPD ACCESS MAP"
+.na
+.nf
+.nf
+/etc/postfix/main.cf:
+ smtpd_client_restrictions = ... cidr:/etc/postfix/client.cidr ...
+
+/etc/postfix/client.cidr:
+ # Rule order matters. Put more specific allowlist entries
+ # before more general denylist entries.
+ 192.168.1.1 OK
+ 192.168.0.0/16 REJECT
+ 2001:db8::1 OK
+ 2001:db8::/32 REJECT
+.fi
+.SH "SEE ALSO"
+.na
+.nf
+postmap(1), Postfix lookup table manager
+regexp_table(5), format of regular expression tables
+pcre_table(5), format of PCRE tables
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+DATABASE_README, Postfix lookup table overview
+.SH HISTORY
+.ad
+.fi
+CIDR table support was introduced with Postfix version 2.1.
+.SH "AUTHOR(S)"
+.na
+.nf
+The CIDR table lookup code was originally written by:
+Jozsef Kadlecsik
+KFKI Research Institute for Particle and Nuclear Physics
+POB. 49
+1525 Budapest, Hungary
+
+Adopted and adapted by:
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man5/generic.5 b/man/man5/generic.5
new file mode 100644
index 0000000..6e891eb
--- /dev/null
+++ b/man/man5/generic.5
@@ -0,0 +1,274 @@
+.TH GENERIC 5
+.ad
+.fi
+.SH NAME
+generic
+\-
+Postfix generic table format
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostmap /etc/postfix/generic\fR
+
+\fBpostmap \-q "\fIstring\fB" /etc/postfix/generic\fR
+
+\fBpostmap \-q \- /etc/postfix/generic <\fIinputfile\fR
+.SH DESCRIPTION
+.ad
+.fi
+The optional \fBgeneric\fR(5) table specifies an address
+mapping that applies when mail is delivered. This is the
+opposite of \fBcanonical\fR(5) mapping, which applies when
+mail is received.
+
+Typically, one would use the \fBgeneric\fR(5) table on a
+system that does not have a valid Internet domain name and
+that uses something like \fIlocaldomain.local\fR instead.
+The \fBgeneric\fR(5) table is then used by the \fBsmtp\fR(8)
+client to transform local mail addresses into valid Internet
+mail addresses when mail has to be sent across the Internet.
+See the EXAMPLE section at the end of this document.
+
+The \fBgeneric\fR(5) mapping affects both message header
+addresses (i.e. addresses that appear inside messages) and
+message envelope addresses (for example, the addresses that
+are used in SMTP protocol commands).
+
+Normally, the \fBgeneric\fR(5) table is specified as a
+text file that serves as input to the \fBpostmap\fR(1)
+command. The result, an indexed file in \fBdbm\fR or
+\fBdb\fR format, is used for fast searching by the mail
+system. Execute the command "\fBpostmap /etc/postfix/generic\fR"
+to rebuild an indexed file after changing the corresponding
+text file.
+
+When the table is provided via other means such as NIS, LDAP
+or SQL, the same lookups are done as for ordinary indexed files.
+
+Alternatively, the table can be provided as a regular\-expression
+map where patterns are given as regular expressions, or lookups
+can be directed to a TCP\-based server. In those cases, the lookups
+are done in a slightly different way as described below under
+"REGULAR EXPRESSION TABLES" or "TCP\-BASED TABLES".
+.SH "CASE FOLDING"
+.na
+.nf
+.ad
+.fi
+The search string is folded to lowercase before database
+lookup. As of Postfix 2.3, the search string is not case
+folded with database types such as regexp: or pcre: whose
+lookup fields can match both upper and lower case.
+.SH "TABLE FORMAT"
+.na
+.nf
+.ad
+.fi
+The input format for the \fBpostmap\fR(1) command is as follows:
+.IP "\fIpattern result\fR"
+When \fIpattern\fR matches a mail address, replace it by the
+corresponding \fIresult\fR.
+.IP "blank lines and comments"
+Empty lines and whitespace\-only lines are ignored, as
+are lines whose first non\-whitespace character is a `#'.
+.IP "multi\-line text"
+A logical line starts with non\-whitespace text. A line that
+starts with whitespace continues a logical line.
+.SH "TABLE SEARCH ORDER"
+.na
+.nf
+.ad
+.fi
+With lookups from indexed files such as DB or DBM, or from networked
+tables such as NIS, LDAP or SQL, each \fIuser\fR@\fIdomain\fR
+query produces a sequence of query patterns as described below.
+
+Each query pattern is sent to each specified lookup table
+before trying the next query pattern, until a match is
+found.
+.IP "\fIuser\fR@\fIdomain address\fR"
+Replace \fIuser\fR@\fIdomain\fR by \fIaddress\fR. This form
+has the highest precedence.
+.IP "\fIuser address\fR"
+Replace \fIuser\fR@\fIsite\fR by \fIaddress\fR when \fIsite\fR is
+equal to $\fBmyorigin\fR, when \fIsite\fR is listed in
+$\fBmydestination\fR, or when it is listed in $\fBinet_interfaces\fR
+or $\fBproxy_interfaces\fR.
+.IP "@\fIdomain address\fR"
+Replace other addresses in \fIdomain\fR by \fIaddress\fR.
+This form has the lowest precedence.
+.SH "RESULT ADDRESS REWRITING"
+.na
+.nf
+.ad
+.fi
+The lookup result is subject to address rewriting:
+.IP \(bu
+When the result has the form @\fIotherdomain\fR, the
+result becomes the same \fIuser\fR in \fIotherdomain\fR.
+.IP \(bu
+When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR"
+to addresses without "@domain".
+.IP \(bu
+When "\fBappend_dot_mydomain=yes\fR", append
+"\fB.$mydomain\fR" to addresses without ".domain".
+.SH "ADDRESS EXTENSION"
+.na
+.nf
+.fi
+.ad
+When a mail address localpart contains the optional recipient delimiter
+(e.g., \fIuser+foo\fR@\fIdomain\fR), the lookup order becomes:
+\fIuser+foo\fR@\fIdomain\fR, \fIuser\fR@\fIdomain\fR, \fIuser+foo\fR,
+\fIuser\fR, and @\fIdomain\fR.
+
+The \fBpropagate_unmatched_extensions\fR parameter controls whether
+an unmatched address extension (\fI+foo\fR) is propagated to the
+result of table lookup.
+.SH "REGULAR EXPRESSION TABLES"
+.na
+.nf
+.ad
+.fi
+This section describes how the table lookups change when the table
+is given in the form of regular expressions. For a description of
+regular expression lookup table syntax, see \fBregexp_table\fR(5)
+or \fBpcre_table\fR(5).
+
+Each pattern is a regular expression that is applied to the entire
+address being looked up. Thus, \fIuser@domain\fR mail addresses are not
+broken up into their \fIuser\fR and \fI@domain\fR constituent parts,
+nor is \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR.
+
+Patterns are applied in the order as specified in the table, until a
+pattern is found that matches the search string.
+
+Results are the same as with indexed file lookups, with
+the additional feature that parenthesized substrings from the
+pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
+.SH "TCP-BASED TABLES"
+.na
+.nf
+.ad
+.fi
+This section describes how the table lookups change when lookups
+are directed to a TCP\-based server. For a description of the TCP
+client/server lookup protocol, see \fBtcp_table\fR(5).
+This feature is available in Postfix 2.5 and later.
+
+Each lookup operation uses the entire address once. Thus,
+\fIuser@domain\fR mail addresses are not broken up into their
+\fIuser\fR and \fI@domain\fR constituent parts, nor is
+\fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR.
+
+Results are the same as with indexed file lookups.
+.SH "EXAMPLE"
+.na
+.nf
+.ad
+.fi
+The following shows a generic mapping with an indexed file.
+When mail is sent to a remote host via SMTP, this replaces
+\fIhis@localdomain.local\fR by his ISP mail address, replaces
+\fIher@localdomain.local\fR by her ISP mail address, and
+replaces other local addresses by his ISP account, with
+an address extension of \fI+local\fR (this example assumes
+that the ISP supports "+" style address extensions).
+
+.na
+.nf
+/etc/postfix/main.cf:
+ smtp_generic_maps = hash:/etc/postfix/generic
+
+/etc/postfix/generic:
+ his@localdomain.local hisaccount@hisisp.example
+ her@localdomain.local heraccount@herisp.example
+ @localdomain.local hisaccount+local@hisisp.example
+
+.ad
+.fi
+Execute the command "\fBpostmap /etc/postfix/generic\fR"
+whenever the table is changed. Instead of \fBhash\fR, some
+systems use \fBdbm\fR database files. To find out what
+tables your system supports use the command "\fBpostconf
+\-m\fR".
+.SH BUGS
+.ad
+.fi
+The table format does not understand quoting conventions.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+The following \fBmain.cf\fR parameters are especially relevant.
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.IP "\fBsmtp_generic_maps (empty)\fR"
+Optional lookup tables that perform address rewriting in the
+Postfix SMTP client, typically to transform a locally valid address into
+a globally valid address when sending mail across the Internet.
+.IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR"
+What address lookup tables copy an address extension from the lookup
+key to the lookup result.
+.PP
+Other parameters of interest:
+.IP "\fBinet_interfaces (all)\fR"
+The network interface addresses that this mail system receives
+mail on.
+.IP "\fBproxy_interfaces (empty)\fR"
+The network interface addresses that this mail system receives mail
+on by way of a proxy or network address translation unit.
+.IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR"
+The list of domains that are delivered via the $local_transport
+mail delivery transport.
+.IP "\fBmyorigin ($myhostname)\fR"
+The domain name that locally\-posted mail appears to come
+from, and that locally posted mail is delivered to.
+.IP "\fBowner_request_special (yes)\fR"
+Enable special treatment for owner\-\fIlistname\fR entries in the
+\fBaliases\fR(5) file, and don't split owner\-\fIlistname\fR and
+\fIlistname\fR\-request address localparts when the recipient_delimiter
+is set to "\-".
+.SH "SEE ALSO"
+.na
+.nf
+postmap(1), Postfix lookup table manager
+postconf(5), configuration parameters
+smtp(8), Postfix SMTP client
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+ADDRESS_REWRITING_README, address rewriting guide
+DATABASE_README, Postfix lookup table overview
+STANDARD_CONFIGURATION_README, configuration examples
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+A genericstable feature appears in the Sendmail MTA.
+
+This feature is available in Postfix 2.2 and later.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man5/header_checks.5 b/man/man5/header_checks.5
new file mode 100644
index 0000000..31ac7dc
--- /dev/null
+++ b/man/man5/header_checks.5
@@ -0,0 +1,528 @@
+.TH HEADER_CHECKS 5
+.ad
+.fi
+.SH NAME
+header_checks
+\-
+Postfix built\-in content inspection
+.SH "SYNOPSIS"
+.na
+.nf
+.nf
+\fBheader_checks = pcre:/etc/postfix/header_checks\fR
+\fBmime_header_checks = pcre:/etc/postfix/mime_header_checks\fR
+\fBnested_header_checks = pcre:/etc/postfix/nested_header_checks\fR
+\fBbody_checks = pcre:/etc/postfix/body_checks\fR
+.sp
+\fBmilter_header_checks = pcre:/etc/postfix/milter_header_checks\fR
+.sp
+\fBsmtp_header_checks = pcre:/etc/postfix/smtp_header_checks\fR
+\fBsmtp_mime_header_checks = pcre:/etc/postfix/smtp_mime_header_checks\fR
+\fBsmtp_nested_header_checks = pcre:/etc/postfix/smtp_nested_header_checks\fR
+\fBsmtp_body_checks = pcre:/etc/postfix/smtp_body_checks\fR
+.sp
+\fBpostmap \-q "\fIstring\fB" pcre:/etc/postfix/\fIfilename\fR
+\fBpostmap \-q \- pcre:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
+.fi
+.SH DESCRIPTION
+.ad
+.fi
+This document describes access control on the content of
+message headers and message body lines; it is implemented
+by the Postfix \fBcleanup\fR(8) server before mail is queued.
+See \fBaccess\fR(5) for access control on remote SMTP client
+information.
+
+Each message header or message body line is compared against
+a list of patterns.
+When a match is found the corresponding action is executed, and
+the matching process is repeated for the next message header or
+message body line.
+
+Note: message headers are examined one logical header at a time,
+even when a message header spans multiple lines. Body lines are
+always examined one line at a time.
+
+For examples, see the EXAMPLES section at the end of this
+manual page.
+
+Postfix header or body_checks are designed to stop a flood of mail
+from worms or viruses; they do not decode attachments, and they do
+not unzip archives. See the documents referenced below in the README
+FILES section if you need more sophisticated content analysis.
+.SH "FILTERS WHILE RECEIVING MAIL"
+.na
+.nf
+.ad
+.fi
+Postfix implements the following four built\-in content
+inspection classes while receiving mail:
+.IP "\fBheader_checks\fR (default: empty)"
+These are applied to initial message headers (except for
+the headers that are processed with \fBmime_header_checks\fR).
+.IP "\fBmime_header_checks\fR (default: \fB$header_checks\fR)"
+These are applied to MIME related message headers only.
+.sp
+This feature is available in Postfix 2.0 and later.
+.IP "\fBnested_header_checks\fR (default: \fB$header_checks\fR)"
+These are applied to message headers of attached email
+messages (except for the headers that are processed with
+\fBmime_header_checks\fR).
+.sp
+This feature is available in Postfix 2.0 and later.
+.IP \fBbody_checks\fR
+These are applied to all other content, including multi\-part
+message boundaries.
+.sp
+With Postfix versions before 2.0, all content after the initial
+message headers is treated as body content.
+.SH "FILTERS AFTER RECEIVING MAIL"
+.na
+.nf
+.ad
+.fi
+Postfix supports a subset of the built\-in content inspection
+classes after the message is received:
+.IP "\fBmilter_header_checks\fR (default: empty)"
+These are applied to headers that are added with Milter
+applications.
+.sp
+This feature is available in Postfix 2.7 and later.
+.SH "FILTERS WHILE DELIVERING MAIL"
+.na
+.nf
+.ad
+.fi
+Postfix supports all four content inspection classes while
+delivering mail via SMTP.
+.IP "\fBsmtp_header_checks\fR (default: empty)"
+.IP "\fBsmtp_mime_header_checks\fR (default: empty)"
+.IP "\fBsmtp_nested_header_checks\fR (default: empty)"
+.IP "\fBsmtp_body_checks\fR (default: empty)"
+These features are available in Postfix 2.5 and later.
+.SH "COMPATIBILITY"
+.na
+.nf
+.ad
+.fi
+With Postfix version 2.2 and earlier specify "\fBpostmap
+\-fq\fR" to query a table that contains case sensitive
+patterns. By default, regexp: and pcre: patterns are case
+insensitive.
+.SH "TABLE FORMAT"
+.na
+.nf
+.ad
+.fi
+This document assumes that header and body_checks rules are specified
+in the form of Postfix regular expression lookup tables. Usually the
+best performance is obtained with \fBpcre\fR (Perl Compatible Regular
+Expression) tables. The \fBregexp\fR (POSIX regular
+expressions) tables are usually slower, but more widely
+available.
+Use the command "\fBpostconf \-m\fR" to find out what lookup table
+types your Postfix system supports.
+
+The general format of Postfix regular expression tables is
+given below.
+For a discussion of specific pattern or flags syntax,
+see \fBpcre_table\fR(5) or \fBregexp_table\fR(5), respectively.
+.IP "\fB/\fIpattern\fB/\fIflags action\fR"
+When /\fIpattern\fR/ matches the input string, execute
+the corresponding \fIaction\fR. See below for a list
+of possible actions.
+.IP "\fB!/\fIpattern\fB/\fIflags action\fR"
+When /\fIpattern\fR/ does \fBnot\fR match the input string,
+execute the corresponding \fIaction\fR.
+.IP "\fBif /\fIpattern\fB/\fIflags\fR"
+.IP "\fBendif\fR"
+If the input string matches /\fIpattern\fR/, then match that
+input string against the patterns between \fBif\fR and
+\fBendif\fR. The \fBif\fR..\fBendif\fR can nest.
+.sp
+Note: do not prepend whitespace to patterns inside
+\fBif\fR..\fBendif\fR.
+.IP "\fBif !/\fIpattern\fB/\fIflags\fR"
+.IP "\fBendif\fR"
+If the input string does not match /\fIpattern\fR/, then
+match that input string against the patterns between \fBif\fR
+and \fBendif\fR. The \fBif\fR..\fBendif\fR can nest.
+.IP "blank lines and comments"
+Empty lines and whitespace\-only lines are ignored, as
+are lines whose first non\-whitespace character is a `#'.
+.IP "multi\-line text"
+A pattern/action line starts with non\-whitespace text. A line that
+starts with whitespace continues a logical line.
+.SH "TABLE SEARCH ORDER"
+.na
+.nf
+.ad
+.fi
+For each line of message input, the patterns are applied in the
+order as specified in the table. When a pattern is found that matches
+the input line, the corresponding action is executed and then the
+next input line is inspected.
+.SH "TEXT SUBSTITUTION"
+.na
+.nf
+.ad
+.fi
+Substitution of substrings from the matched expression into the
+\fIaction\fR
+string is possible using the conventional Perl syntax
+(\fB$1\fR, \fB$2\fR, etc.).
+The macros in the result string may need to be written as \fB${n}\fR
+or \fB$(n)\fR if they aren't followed by whitespace.
+
+Note: since negated patterns (those preceded by \fB!\fR) return a
+result when the expression does not match, substitutions are not
+available for negated patterns.
+.SH "ACTIONS"
+.na
+.nf
+.ad
+.fi
+Action names are case insensitive. They are shown in upper case
+for consistency with other Postfix documentation.
+.IP "\fBBCC \fIuser@domain\fR"
+Add the specified address as a BCC recipient, and inspect
+the next input line. The address
+must have a local part and domain part. The number of BCC
+addresses that can be added is limited only by the amount
+of available storage space.
+
+Note 1: the BCC address is added as if it was specified with
+NOTIFY=NONE. The sender will not be notified when the BCC
+address is undeliverable, as long as all down\-stream software
+implements RFC 3461.
+
+Note 2: this ignores duplicate addresses (with the same
+delivery status notification options).
+.sp
+This feature is available in Postfix 3.0 and later.
+.sp
+This feature is not supported with smtp header/body checks.
+.IP "\fBDISCARD \fIoptional text...\fR"
+Claim successful delivery and silently discard the message.
+Do not inspect the remainder of the input message.
+Log the optional text if specified, otherwise log a generic
+message.
+.sp
+Note: this action disables further header or body_checks inspection
+of the current message and affects all recipients.
+To discard only one recipient without discarding the entire message,
+use the transport(5) table to direct mail to the discard(8) service.
+.sp
+This feature is available in Postfix 2.0 and later.
+.sp
+This feature is not supported with smtp header/body checks.
+.IP \fBDUNNO\fR
+Pretend that the input line did not match any pattern, and inspect the
+next input line. This action can be used to shorten the table search.
+.sp
+For backwards compatibility reasons, Postfix also accepts
+\fBOK\fR but it is (and always has been) treated as \fBDUNNO\fR.
+.sp
+This feature is available in Postfix 2.1 and later.
+.IP "\fBFILTER \fItransport:destination\fR"
+Override the content_filter parameter setting, and inspect
+the next input line.
+After the message is queued, send the entire message through
+the specified external content filter. The \fItransport\fR
+name specifies the first field of a mail delivery agent
+definition in master.cf; the syntax of the next\-hop
+\fIdestination\fR is described in the manual page of the
+corresponding delivery agent. More information about
+external content filters is in the Postfix FILTER_README
+file.
+.sp
+Note 1: do not use $\fInumber\fR regular expression
+substitutions for \fItransport\fR or \fIdestination\fR
+unless you know that the information has a trusted origin.
+.sp
+Note 2: this action overrides the main.cf \fBcontent_filter\fR
+setting, and affects all recipients of the message. In the
+case that multiple \fBFILTER\fR actions fire, only the last
+one is executed.
+.sp
+Note 3: the purpose of the FILTER command is to override
+message routing. To override the recipient's \fItransport\fR
+but not the next\-hop \fIdestination\fR, specify an empty
+filter \fIdestination\fR (Postfix 2.7 and later), or specify
+a \fItransport:destination\fR that delivers through a
+different Postfix instance (Postfix 2.6 and earlier). Other
+options are using the recipient\-dependent \fBtrans\%port\%_maps\fR
+or the sen\%der\-dependent
+\fBsender\%_de\%pen\%dent\%_de\%fault\%_trans\%port\%_maps\fR
+features.
+.sp
+This feature is available in Postfix 2.0 and later.
+.sp
+This feature is not supported with smtp header/body checks.
+.IP "\fBHOLD \fIoptional text...\fR"
+Arrange for the message to be placed on the \fBhold\fR queue,
+and inspect the next input line. The message remains on \fBhold\fR
+until someone either deletes it or releases it for delivery.
+Log the optional text if specified, otherwise log a generic
+message.
+
+Mail that is placed on hold can be examined with the
+\fBpostcat\fR(1) command, and can be destroyed or released with
+the \fBpostsuper\fR(1) command.
+.sp
+Note: use "\fBpostsuper \-r\fR" to release mail that was kept on
+hold for a significant fraction of \fB$maximal_queue_lifetime\fR
+or \fB$bounce_queue_lifetime\fR, or longer. Use "\fBpostsuper \-H\fR"
+only for mail that will not expire within a few delivery attempts.
+.sp
+Note: this action affects all recipients of the message.
+.sp
+This feature is available in Postfix 2.0 and later.
+.sp
+This feature is not supported with smtp header/body checks.
+.IP \fBIGNORE\fR
+Delete the current line from the input, and inspect
+the next input line. See \fBSTRIP\fR for an alternative
+that logs the action.
+.IP "\fBINFO \fIoptional text...\fR
+Log an "info:" record with the \fIoptional text...\fR (or
+log a generic text), and inspect the next input line. This
+action is useful for routine logging or for debugging.
+.sp
+This feature is available in Postfix 2.8 and later.
+.IP "\fBPASS \fIoptional text...\fR"
+Log a "pass:" record with the \fIoptional text...\fR (or
+log a generic text), and turn off header, body, and Milter
+inspection for the remainder of this message.
+.sp
+Note: this feature relies on trust in information that is
+easy to forge.
+.sp
+This feature is available in Postfix 3.2 and later.
+.sp
+This feature is not supported with smtp header/body checks.
+.IP "\fBPREPEND \fItext...\fR"
+Prepend one line with the specified text, and inspect the next
+input line.
+.sp
+Notes:
+.RS
+.IP \(bu
+The prepended text is output on a separate line, immediately
+before the input that triggered the \fBPREPEND\fR action.
+.IP \(bu
+The prepended text is not considered part of the input
+stream: it is not subject to header/body checks or address
+rewriting, and it does not affect the way that Postfix adds
+missing message headers.
+.IP \(bu
+When prepending text before a message header line, the prepended
+text must begin with a valid message header label.
+.IP \(bu
+This action cannot be used to prepend multi\-line text.
+.RE
+.IP
+This feature is available in Postfix 2.1 and later.
+.sp
+This feature is not supported with milter_header_checks.
+.IP "\fBREDIRECT \fIuser@domain\fR"
+Write a message redirection request to the queue file, and
+inspect the next input line. After the message is queued,
+it will be sent to the specified address instead of the
+intended recipient(s).
+.sp
+Note: this action overrides the \fBFILTER\fR action, and affects
+all recipients of the message. If multiple \fBREDIRECT\fR actions
+fire, only the last one is executed.
+.sp
+This feature is available in Postfix 2.1 and later.
+.sp
+This feature is not supported with smtp header/body checks.
+.IP "\fBREPLACE \fItext...\fR"
+Replace the current line with the specified text, and inspect the next
+input line.
+.sp
+This feature is available in Postfix 2.2 and later. The
+description below applies to Postfix 2.2.2 and later.
+.sp
+Notes:
+.RS
+.IP \(bu
+When replacing a message header line, the replacement text
+must begin with a valid header label.
+.IP \(bu
+The replaced text remains part of the input stream. Unlike
+the result from the \fBPREPEND\fR action, a replaced message
+header may be subject to address rewriting and may affect
+the way that Postfix adds missing message headers.
+.RE
+.IP "\fBREJECT \fIoptional text...\fR
+Reject the entire message. Do not inspect the remainder of
+the input message. Reply with \fIoptional text...\fR when
+the optional text is specified, otherwise reply with a
+generic error message.
+.sp
+Note: this action disables further header or body_checks inspection
+of the current message and affects all recipients.
+.sp
+Postfix version 2.3 and later support enhanced status codes.
+When no code is specified at the beginning of \fIoptional
+text...\fR, Postfix inserts a default enhanced status code of
+"5.7.1".
+.sp
+This feature is not supported with smtp header/body checks.
+.IP "\fBSTRIP \fIoptional text...\fR"
+Log a "strip:" record with the \fIoptional text...\fR (or
+log a generic text), delete the input line from the input,
+and inspect the next input line. See \fBIGNORE\fR for a
+silent alternative.
+.sp
+This feature is available in Postfix 3.2 and later.
+.IP "\fBWARN \fIoptional text...\fR
+Log a "warning:" record with the \fIoptional text...\fR (or
+log a generic text), and inspect the next input line. This
+action is useful for debugging and for testing a pattern
+before applying more drastic actions.
+.SH BUGS
+.ad
+.fi
+Empty lines never match, because some map types mis\-behave
+when given a zero\-length search string. This limitation may
+be removed for regular expression tables in a future release.
+
+Many people overlook the main limitations of header and body_checks
+rules.
+.IP \(bu
+These rules operate on one logical message header or one body
+line at a time. A decision made for one line is not carried over
+to the next line.
+.IP \(bu
+If text in the message body is encoded
+(RFC 2045) then the rules need to be specified for the encoded
+form.
+.IP \(bu
+Likewise, when message headers are encoded (RFC
+2047) then the rules need to be specified for the encoded
+form.
+.PP
+Message headers added by the \fBcleanup\fR(8) daemon itself
+are excluded from inspection. Examples of such message headers
+are \fBFrom:\fR, \fBTo:\fR, \fBMessage\-ID:\fR, \fBDate:\fR.
+
+Message headers deleted by the \fBcleanup\fR(8) daemon will
+be examined before they are deleted. Examples are: \fBBcc:\fR,
+\fBContent\-Length:\fR, \fBReturn\-Path:\fR.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+.IP \fBbody_checks\fR
+Lookup tables with content filter rules for message body lines.
+These filters see one physical line at a time, in chunks of
+at most \fB$line_length_limit\fR bytes.
+.IP \fBbody_checks_size_limit\fP
+The amount of content per message body segment (attachment) that is
+subjected to \fB$body_checks\fR filtering.
+.IP \fBheader_checks\fR
+.IP "\fBmime_header_checks\fR (default: \fB$header_checks\fR)"
+.IP "\fBnested_header_checks\fR (default: \fB$header_checks\fR)"
+Lookup tables with content filter rules for message header lines:
+respectively, these are applied to the initial message headers
+(not including MIME headers), to the MIME headers anywhere in
+the message, and to the initial headers of attached messages.
+.sp
+Note: these filters see one logical message header at a time, even
+when a message header spans multiple lines. Message headers that
+are longer than \fB$header_size_limit\fR characters are truncated.
+.IP \fBdisable_mime_input_processing\fR
+While receiving mail, give no special treatment to MIME related
+message headers; all text after the initial message headers is
+considered to be part of the message body. This means that
+\fBheader_checks\fR is applied to all the initial message headers,
+and that \fBbody_checks\fR is applied to the remainder of the
+message.
+.sp
+Note: when used in this manner, \fBbody_checks\fR will process
+a multi\-line message header one line at a time.
+.SH "EXAMPLES"
+.na
+.nf
+.ad
+.fi
+Header pattern to block attachments with bad file name
+extensions. For convenience, the PCRE /x flag is specified,
+so that there is no need to collapse the pattern into a
+single line of text. The purpose of the [[:xdigit:]]
+sub\-expressions is to recognize Windows CLSID strings.
+
+.na
+.nf
+/etc/postfix/main.cf:
+ header_checks = pcre:/etc/postfix/header_checks.pcre
+
+/etc/postfix/header_checks.pcre:
+ /^Content\-(Disposition|Type).*name\es*=\es*"?([^;]*(\e.|=2E)(
+ ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|
+ hlp|ht[at]|
+ inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws|
+ \e{[[:xdigit:]]{8}(?:\-[[:xdigit:]]{4}){3}\-[[:xdigit:]]{12}\e}|
+ ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf|
+ vb[esx]?|vxd|ws[cfh]))(\e?=)?"?\es*(;|$)/x
+ REJECT Attachment name "$2" may not end with ".$4"
+.ad
+.fi
+
+Body pattern to stop a specific HTML browser vulnerability exploit.
+
+.na
+.nf
+/etc/postfix/main.cf:
+ body_checks = regexp:/etc/postfix/body_checks
+
+/etc/postfix/body_checks:
+ /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
+ REJECT IFRAME vulnerability exploit
+.SH "SEE ALSO"
+.na
+.nf
+cleanup(8), canonicalize and enqueue Postfix message
+pcre_table(5), format of PCRE lookup tables
+regexp_table(5), format of POSIX regular expression tables
+postconf(1), Postfix configuration utility
+postmap(1), Postfix lookup table management
+postsuper(1), Postfix janitor
+postcat(1), show Postfix queue file contents
+RFC 2045, base64 and quoted\-printable encoding rules
+RFC 2047, message header encoding for non\-ASCII text
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+DATABASE_README, Postfix lookup table overview
+CONTENT_INSPECTION_README, Postfix content inspection overview
+BUILTIN_FILTER_README, Postfix built\-in content inspection
+BACKSCATTER_README, blocking returned forged mail
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man5/ldap_table.5 b/man/man5/ldap_table.5
new file mode 100644
index 0000000..660f2c5
--- /dev/null
+++ b/man/man5/ldap_table.5
@@ -0,0 +1,751 @@
+.TH LDAP_TABLE 5
+.ad
+.fi
+.SH NAME
+ldap_table
+\-
+Postfix LDAP client configuration
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostmap \-q "\fIstring\fB" ldap:/etc/postfix/\fIfilename\fR
+
+\fBpostmap \-q \- ldap:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix mail system uses optional tables for address
+rewriting or mail routing. These tables are usually in
+\fBdbm\fR or \fBdb\fR format.
+
+Alternatively, lookup tables can be specified as LDAP databases.
+
+In order to use LDAP lookups, define an LDAP source as a lookup
+table in main.cf, for example:
+
+.nf
+ alias_maps = ldap:/etc/postfix/ldap\-aliases.cf
+.fi
+
+The file /etc/postfix/ldap\-aliases.cf has the same format as
+the Postfix main.cf file, and can specify the parameters
+described below. An example is given at the end of this manual.
+
+This configuration method is available with Postfix version
+2.1 and later. See the section "OBSOLETE MAIN.CF PARAMETERS"
+below for older Postfix versions.
+
+For details about LDAP SSL and STARTTLS, see the section
+on SSL and STARTTLS below.
+.SH "LIST MEMBERSHIP"
+.na
+.nf
+.ad
+.fi
+When using LDAP to store lists such as $mynetworks,
+$mydestination, $relay_domains, $local_recipient_maps,
+etc., it is important to understand that the table must
+store each list member as a separate key. The table lookup
+verifies the *existence* of the key. See "Postfix lists
+versus tables" in the DATABASE_README document for a
+discussion.
+
+Do NOT create tables that return the full list of domains
+in $mydestination or $relay_domains etc., or IP addresses
+in $mynetworks.
+
+DO create tables with each matching item as a key and with
+an arbitrary value. With LDAP databases it is not uncommon to
+return the key itself.
+
+For example, NEVER do this in a map defining $mydestination:
+
+.nf
+ query_filter = domain=*
+ result_attribute = domain
+.fi
+
+Do this instead:
+
+.nf
+ query_filter = domain=%s
+ result_attribute = domain
+.fi
+.SH "GENERAL LDAP PARAMETERS"
+.na
+.nf
+.ad
+.fi
+In the text below, default values are given in parentheses.
+Note: don't use quotes in these variables; at least, not until the
+Postfix configuration routines understand how to deal with quoted
+strings.
+.IP "\fBserver_host (default: localhost)\fR"
+The name of the host running the LDAP server, e.g.
+
+.nf
+ server_host = ldap.example.com
+.fi
+
+Depending on the LDAP client library you're using, it should
+be possible to specify multiple servers here, with the library
+trying them in order should the first one fail. It should also
+be possible to give each server in the list a different port
+(overriding \fBserver_port\fR below), by naming them like
+
+.nf
+ server_host = ldap.example.com:1444
+.fi
+
+With OpenLDAP, a (list of) LDAP URLs can be used to specify both
+the hostname(s) and the port(s):
+
+.nf
+ server_host = ldap://ldap.example.com:1444
+ ldap://ldap2.example.com:1444
+.fi
+
+All LDAP URLs accepted by the OpenLDAP library are supported,
+including connections over UNIX domain sockets, and LDAP SSL
+(the last one provided that OpenLDAP was compiled with support
+for SSL):
+
+.nf
+ server_host = ldapi://%2Fsome%2Fpath
+ ldaps://ldap.example.com:636
+.fi
+.IP "\fBserver_port (default: 389)\fR"
+The port the LDAP server listens on, e.g.
+
+.nf
+ server_port = 778
+.fi
+.IP "\fBtimeout (default: 10 seconds)\fR"
+The number of seconds a search can take before timing out, e.g.
+
+.fi
+ timeout = 5
+.fi
+.IP "\fBsearch_base (No default; you must configure this)\fR"
+The RFC2253 base DN at which to conduct the search, e.g.
+
+.nf
+ search_base = dc=your, dc=com
+.fi
+.IP
+With Postfix 2.2 and later this parameter supports the
+following '%' expansions:
+.RS
+.IP "\fB%%\fR"
+This is replaced by a literal '%' character.
+.IP "\fB%s\fR"
+This is replaced by the input key.
+RFC 2253 quoting is used to make sure that the input key
+does not add unexpected metacharacters.
+.IP "\fB%u\fR"
+When the input key is an address of the form user@domain, \fB%u\fR
+is replaced by the (RFC 2253) quoted local part of the address.
+Otherwise, \fB%u\fR is replaced by the entire search string.
+If the localpart is empty, the search is suppressed and returns
+no results.
+.IP "\fB%d\fR"
+When the input key is an address of the form user@domain, \fB%d\fR
+is replaced by the (RFC 2253) quoted domain part of the address.
+Otherwise, the search is suppressed and returns no results.
+.IP "\fB%[SUD]\fR"
+For the \fBsearch_base\fR parameter, the upper\-case equivalents
+of the above expansions behave identically to their lower\-case
+counter\-parts. With the \fBresult_format\fR parameter (previously
+called \fBresult_filter\fR see the OTHER OBSOLETE FEATURES section
+and below), they expand to the corresponding components of input
+key rather than the result value.
+.IP "\fB%[1\-9]\fR"
+The patterns %1, %2, ... %9 are replaced by the corresponding
+most significant component of the input key's domain. If the
+input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR,
+%2 is \fBexample\fR and %3 is \fBmail\fR. If the input key is
+unqualified or does not have enough domain components to satisfy
+all the specified patterns, the search is suppressed and returns
+no results.
+.RE
+.IP "\fBquery_filter (default: mailacceptinggeneralid=%s)\fR"
+The RFC2254 filter used to search the directory, where \fB%s\fR
+is a substitute for the address Postfix is trying to resolve,
+e.g.
+
+.nf
+ query_filter = (&(mail=%s)(paid_up=true))
+.fi
+
+This parameter supports the following '%' expansions:
+.RS
+.IP "\fB%%\fR"
+This is replaced by a literal '%' character. (Postfix 2.2 and later).
+.IP "\fB%s\fR"
+This is replaced by the input key.
+RFC 2254 quoting is used to make sure that the input key
+does not add unexpected metacharacters.
+.IP "\fB%u\fR"
+When the input key is an address of the form user@domain, \fB%u\fR
+is replaced by the (RFC 2254) quoted local part of the address.
+Otherwise, \fB%u\fR is replaced by the entire search string.
+If the localpart is empty, the search is suppressed and returns
+no results.
+.IP "\fB%d\fR"
+When the input key is an address of the form user@domain, \fB%d\fR
+is replaced by the (RFC 2254) quoted domain part of the address.
+Otherwise, the search is suppressed and returns no results.
+.IP "\fB%[SUD]\fR"
+The upper\-case equivalents of the above expansions behave in the
+\fBquery_filter\fR parameter identically to their lower\-case
+counter\-parts. With the \fBresult_format\fR parameter (previously
+called \fBresult_filter\fR see the OTHER OBSOLETE FEATURES section
+and below), they expand to the corresponding components of input
+key rather than the result value.
+.IP
+The above %S, %U and %D expansions are available with Postfix 2.2
+and later.
+.IP "\fB%[1\-9]\fR"
+The patterns %1, %2, ... %9 are replaced by the corresponding
+most significant component of the input key's domain. If the
+input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR,
+%2 is \fBexample\fR and %3 is \fBmail\fR. If the input key is
+unqualified or does not have enough domain components to satisfy
+all the specified patterns, the search is suppressed and returns
+no results.
+.IP
+The above %1, ..., %9 expansions are available with Postfix 2.2
+and later.
+.RE
+.IP
+The "domain" parameter described below limits the input
+keys to addresses in matching domains. When the "domain"
+parameter is non\-empty, LDAP queries for unqualified
+addresses or addresses in non\-matching domains are suppressed
+and return no results.
+
+NOTE: DO NOT put quotes around the \fBquery_filter\fR parameter.
+.IP "\fBresult_format (default: \fB%s\fR)\fR"
+Called \fBresult_filter\fR in Postfix releases prior to 2.2.
+Format template applied to result attributes. Most commonly used
+to append (or prepend) text to the result. This parameter supports
+the following '%' expansions:
+.RS
+.IP "\fB%%\fR"
+This is replaced by a literal '%' character. (Postfix 2.2 and later).
+.IP "\fB%s\fR"
+This is replaced by the value of the result attribute. When
+result is empty it is skipped.
+.IP "\fB%u\fR
+When the result attribute value is an address of the form
+user@domain, \fB%u\fR is replaced by the local part of the
+address. When the result has an empty localpart it is skipped.
+.IP "\fB%d\fR"
+When a result attribute value is an address of the form
+user@domain, \fB%d\fR is replaced by the domain part of
+the attribute value. When the result is unqualified it
+is skipped.
+.IP "\fB%[SUD1\-9]\fR"
+The upper\-case and decimal digit expansions interpolate
+the parts of the input key rather than the result. Their
+behavior is identical to that described with \fBquery_filter\fR,
+and in fact because the input key is known in advance, lookups
+whose key does not contain all the information specified in
+the result template are suppressed and return no results.
+.IP
+The above %S, %U, %D and %1, ..., %9 expansions are available with
+Postfix 2.2 and later.
+.RE
+.IP
+For example, using "result_format = smtp:[%s]" allows one
+to use a mailHost attribute as the basis of a transport(5)
+table. After applying the result format, multiple values
+are concatenated as comma separated strings. The expansion_limit
+and size_limit parameters explained below allow one to
+restrict the number of values in the result, which is
+especially useful for maps that should return a single
+value.
+
+The default value \fB%s\fR specifies that each
+attribute value should be used as is.
+
+This parameter was called \fBresult_filter\fR in Postfix
+releases prior to 2.2. If no "result_format" is specified,
+the value of "result_filter" will be used instead before
+resorting to the default value. This provides compatibility
+with old configuration files.
+
+NOTE: DO NOT put quotes around the result format!
+.IP "\fBdomain (default: no domain list)\fR"
+This is a list of domain names, paths to files, or
+"type:table" databases. When specified, only fully qualified search
+keys with a *non\-empty* localpart and a matching domain
+are eligible for lookup: 'user' lookups, bare domain lookups
+and "@domain" lookups are not performed. This can significantly
+reduce the query load on the LDAP server.
+
+.nf
+ domain = postfix.org, hash:/etc/postfix/searchdomains
+.fi
+
+It is best not to use LDAP to store the domains eligible
+for LDAP lookups.
+
+NOTE: DO NOT define this parameter for local(8) aliases.
+
+This feature is available in Postfix 1.0 and later.
+.IP "\fBresult_attribute (default: maildrop)\fR"
+The attribute(s) Postfix will read from any directory
+entries returned by the lookup, to be resolved to an email
+address.
+
+.nf
+ result_attribute = mailbox, maildrop
+.fi
+
+Don't rely on the default value ("maildrop"). Set the
+result_attribute explicitly in all ldap table configuration
+files. This is particularly relevant when no result_attribute
+is applicable, e.g. cases in which leaf_result_attribute and/or
+terminal_result_attribute are used instead. The default value
+is harmless if "maildrop" is also listed as a leaf or terminal
+result attribute, but it is best to not leave this to chance.
+.IP "\fBspecial_result_attribute (default: empty)\fR"
+The attribute(s) of directory entries that can contain DNs
+or RFC 2255 LDAP URLs. If found, a recursive search
+is performed to retrieve the entry referenced by the DN, or
+the entries matched by the URL query.
+
+.nf
+ special_result_attribute = memberdn
+.fi
+
+DN recursion retrieves the same result_attributes as the
+main query, including the special attributes for further
+recursion.
+
+URL processing retrieves only those attributes that are included
+in both the URL definition and as result attributes (ordinary,
+special, leaf or terminal) in the Postfix table definition.
+If the URL lists any of the table's special result attributes,
+these are retrieved and used recursively. A URL that does not
+specify any attribute selection, is equivalent (RFC 2255) to a
+URL that selects all attributes, in which case the selected
+attributes will be the full set of result attributes in the
+Postfix table.
+
+If an LDAP URL attribute\-descriptor or the corresponding Postfix
+LDAP table result attribute (but not both) uses RFC 2255 sub\-type
+options ("attr;option"), the attribute requested from the LDAP server
+will include the sub\-type option. In all other cases, the URL
+attribute and the table attribute must match exactly. Attributes
+with options in both the URL and the Postfix table are requested
+only when the options are identical. LDAP attribute\-descriptor
+options are very rarely used, most LDAP users will not
+need to concern themselves with this level of nuanced detail.
+.IP "\fBterminal_result_attribute (default: empty)\fR"
+When one or more terminal result attributes are found in an LDAP
+entry, all other result attributes are ignored and only the terminal
+result attributes are returned. This is useful for delegating expansion
+of group members to a particular host, by using an optional "maildrop"
+attribute on selected groups to route the group to a specific host,
+where the group is expanded, possibly via mailing\-list manager or
+other special processing.
+
+.nf
+ result_attribute =
+ terminal_result_attribute = maildrop
+.fi
+
+When using terminal and/or leaf result attributes, the
+result_attribute is best set to an empty value when it is not
+used, or else explicitly set to the desired value, even if it is
+the default value "maildrop".
+
+This feature is available with Postfix 2.4 or later.
+.IP "\fBleaf_result_attribute (default: empty)\fR"
+When one or more special result attributes are found in a non\-terminal
+(see above) LDAP entry, leaf result attributes are excluded from the
+expansion of that entry. This is useful when expanding groups and the
+desired mail address attribute(s) of the member objects obtained via
+DN or URI recursion are also present in the group object. To only
+return the attribute values from the leaf objects and not the
+containing group, add the attribute to the leaf_result_attribute list,
+and not the result_attribute list, which is always expanded. Note,
+the default value of "result_attribute" is not empty, you may want to
+set it explicitly empty when using "leaf_result_attribute" to expand
+the group to a list of member DN addresses. If groups have both
+member DN references AND attributes that hold multiple string valued
+rfc822 addresses, then the string attributes go in "result_attribute".
+The attributes that represent the email addresses of objects
+referenced via a DN (or LDAP URI) go in "leaf_result_attribute".
+
+.nf
+ result_attribute = memberaddr
+ special_result_attribute = memberdn
+ terminal_result_attribute = maildrop
+ leaf_result_attribute = mail
+.fi
+
+When using terminal and/or leaf result attributes, the
+result_attribute is best set to an empty value when it is not
+used, or else explicitly set to the desired value, even if it is
+the default value "maildrop".
+
+This feature is available with Postfix 2.4 or later.
+.IP "\fBscope (default: sub)\fR"
+The LDAP search scope: \fBsub\fR, \fBbase\fR, or \fBone\fR.
+These translate into LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE,
+and LDAP_SCOPE_ONELEVEL.
+.IP "\fBbind (default: yes)\fR"
+Whether or how to bind to the LDAP server. Newer LDAP
+implementations don't require clients to bind, which saves
+time. Example:
+
+.nf
+ # Don't bind
+ bind = no
+ # Use SIMPLE bind
+ bind = yes
+ # Use SASL bind
+ bind = sasl
+.fi
+
+Postfix versions prior to 2.8 only support "bind = no" which
+means don't bind, and "bind = yes" which means do a SIMPLE bind.
+Postfix 2.8 and later also supports "bind = SASL" when compiled
+with LDAP SASL support as described in LDAP_README, it also adds
+the synonyms "bind = none" and "bind = simple" for "bind = no"
+and "bind = yes" respectively. See the SASL section below for
+additional parameters available with "bind = sasl".
+
+If you do need to bind, you might consider configuring
+Postfix to connect to the local machine on a port that's
+an SSL tunnel to your LDAP server. If your LDAP server
+doesn't natively support SSL, put a tunnel (wrapper, proxy,
+whatever you want to call it) on that system too. This
+should prevent the password from traversing the network in
+the clear.
+.IP "\fBbind_dn (default: empty)\fR"
+If you do have to bind, do it with this distinguished name. Example:
+
+.nf
+ bind_dn = uid=postfix, dc=your, dc=com
+.fi
+With "bind = sasl" (see above) the DN may be optional for some SASL
+mechanisms, don't specify a DN if not needed.
+.IP "\fBbind_pw (default: empty)\fR"
+The password for the distinguished name above. If you have
+to use this, you probably want to make the map configuration
+file readable only by the Postfix user. When using the
+obsolete ldap:ldapsource syntax, with map parameters in
+main.cf, it is not possible to securely store the bind
+password. This is because main.cf needs to be world readable
+to allow local accounts to submit mail via the sendmail
+command. Example:
+
+.nf
+ bind_pw = postfixpw
+.fi
+With "bind = sasl" (see above) the password may be optional
+for some SASL mechanisms, don't specify a password if not needed.
+.IP "\fBcache (IGNORED with a warning)\fR"
+.IP "\fBcache_expiry (IGNORED with a warning)\fR"
+.IP "\fBcache_size (IGNORED with a warning)\fR"
+The above parameters are NO LONGER SUPPORTED by Postfix.
+Cache support has been dropped from OpenLDAP as of release
+2.1.13.
+.IP "\fBrecursion_limit (default: 1000)\fR"
+A limit on the nesting depth of DN and URL special result
+attribute evaluation. The limit must be a non\-zero positive
+number.
+.IP "\fBexpansion_limit (default: 0)\fR"
+A limit on the total number of result elements returned
+(as a comma separated list) by a lookup against the map.
+A setting of zero disables the limit. Lookups fail with a
+temporary error if the limit is exceeded. Setting the
+limit to 1 ensures that lookups do not return multiple
+values.
+.IP "\fBsize_limit (default: $expansion_limit)\fR"
+A limit on the number of LDAP entries returned by any single
+LDAP search performed as part of the lookup. A setting of
+0 disables the limit. Expansion of DN and URL references
+involves nested LDAP queries, each of which is separately
+subjected to this limit.
+
+Note: even a single LDAP entry can generate multiple lookup
+results, via multiple result attributes and/or multi\-valued
+result attributes. This limit caps the per search resource
+utilization on the LDAP server, not the final multiplicity
+of the lookup result. It is analogous to the "\-z" option
+of "ldapsearch".
+.IP "\fBdereference (default: 0)\fR"
+When to dereference LDAP aliases. (Note that this has
+nothing do with Postfix aliases.) The permitted values are
+those legal for the OpenLDAP/UM LDAP implementations:
+.RS
+.IP 0
+never
+.IP 1
+when searching
+.IP 2
+when locating the base object for the search
+.IP 3
+always
+.RE
+.IP
+See ldap.h or the ldap_open(3) or ldapsearch(1) man pages
+for more information. And if you're using an LDAP package
+that has other possible values, please bring it to the
+attention of the postfix\-users@postfix.org mailing list.
+.IP "\fBchase_referrals (default: 0)\fR"
+Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP version
+3 support).
+.IP "\fBversion (default: 2)\fR"
+Specifies the LDAP protocol version to use.
+.IP "\fBdebuglevel (default: 0)\fR"
+What level to set for debugging in the OpenLDAP libraries.
+.SH "LDAP SASL PARAMETERS"
+.na
+.nf
+.ad
+.fi
+If you're using the OpenLDAP libraries compiled with SASL
+support, Postfix 2.8 and later built with LDAP SASL support
+as described in LDAP_README can authenticate to LDAP servers
+via SASL.
+
+This enables authentication to the LDAP server via mechanisms
+other than a simple password. The added flexibility has a cost:
+it is no longer practical to set an explicit timeout on the duration
+of an LDAP bind operation. Under adverse conditions, whether a SASL
+bind times out, or if it does, the duration of the timeout is
+determined by the LDAP and SASL libraries.
+
+It is best to use tables that use SASL binds via proxymap(8), this
+way the requesting process can time\-out the proxymap request. This
+also lets you tailer the process environment by overriding the
+proxymap(8) import_environment setting in master.cf(5). Special
+environment settings may be needed to configure GSSAPI credential
+caches or other SASL mechanism specific options. The GSSAPI
+credentials used for LDAP lookups may need to be different than
+say those used for the Postfix SMTP client to authenticate to remote
+servers.
+
+Using SASL mechanisms requires LDAP protocol version 3, the default
+protocol version is 2 for backwards compatibility. You must set
+"version = 3" in addition to "bind = sasl".
+
+The following parameters are relevant to using LDAP with SASL
+.IP "\fBsasl_mechs (default: empty)\fR"
+Space separated list of SASL mechanism(s) to try.
+.IP "\fBsasl_realm (default: empty)\fR"
+SASL Realm to use, if applicable.
+.IP "\fBsasl_authz_id (default: empty)\fR"
+The SASL authorization identity to assert, if applicable.
+.IP "\fBsasl_minssf (default: 0)\fR"
+The minimum required sasl security factor required to establish a
+connection.
+.SH "LDAP SSL AND STARTTLS PARAMETERS"
+.na
+.nf
+.ad
+.fi
+If you're using the OpenLDAP libraries compiled with SSL
+support, Postfix can connect to LDAP SSL servers and can
+issue the STARTTLS command.
+
+LDAP SSL service can be requested by using a LDAP SSL URL
+in the server_host parameter:
+
+.nf
+ server_host = ldaps://ldap.example.com:636
+.fi
+
+STARTTLS can be turned on with the start_tls parameter:
+
+.nf
+ start_tls = yes
+.fi
+
+Both forms require LDAP protocol version 3, which has to be set
+explicitly with:
+
+.nf
+ version = 3
+.fi
+
+If any of the Postfix programs querying the map is configured in
+master.cf to run chrooted, all the certificates and keys involved
+have to be copied to the chroot jail. Of course, the private keys
+should only be readable by the user "postfix".
+
+The following parameters are relevant to LDAP SSL and STARTTLS:
+.IP "\fBstart_tls (default: no)\fR"
+Whether or not to issue STARTTLS upon connection to the
+server. Don't set this with LDAP SSL (the SSL session is setup
+automatically when the TCP connection is opened).
+.IP "\fBtls_ca_cert_dir (No default; set either this or tls_ca_cert_file)\fR"
+Directory containing X509 Certification Authority certificates
+in PEM format which are to be recognized by the client in
+SSL/TLS connections. The files each contain one CA certificate.
+The files are looked up by the CA subject name hash value,
+which must hence be available. If more than one CA certificate
+with the same name hash value exist, the extension must be
+different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search is
+performed in the ordering of the extension number, regardless
+of other properties of the certificates. Use the c_rehash
+utility (from the OpenSSL distribution) to create the
+necessary links.
+.IP "\fBtls_ca_cert_file (No default; set either this or tls_ca_cert_dir)\fR"
+File containing the X509 Certification Authority certificates
+in PEM format which are to be recognized by the client in
+SSL/TLS connections. This setting takes precedence over
+tls_ca_cert_dir.
+.IP "\fBtls_cert (No default; you must set this)\fR"
+File containing client's X509 certificate to be used by
+the client in SSL/ TLS connections.
+.IP "\fBtls_key (No default; you must set this)\fR"
+File containing the private key corresponding to the above
+tls_cert.
+.IP "\fBtls_require_cert (default: no)\fR"
+Whether or not to request server's X509 certificate and
+check its validity when establishing SSL/TLS connections.
+The supported values are \fBno\fR and \fByes\fR.
+.sp
+With \fBno\fR, the server certificate trust chain is not checked,
+but with OpenLDAP prior to 2.1.13, the name in the server
+certificate must still match the LDAP server name. With OpenLDAP
+2.0.0 to 2.0.11 the server name is not necessarily what you
+specified, rather it is determined (by reverse lookup) from the
+IP address of the LDAP server connection. With OpenLDAP prior to
+2.0.13, subjectAlternativeName extensions in the LDAP server
+certificate are ignored: the server name must match the subject
+CommonName. The \fBno\fR setting corresponds to the \fBnever\fR
+value of \fBTLS_REQCERT\fR in LDAP client configuration files.
+.sp
+Don't use TLS with OpenLDAP 2.0.x (and especially with x <= 11)
+if you can avoid it.
+.sp
+With \fByes\fR, the server certificate must be issued by a trusted
+CA, and not be expired. The LDAP server name must match one of the
+name(s) found in the certificate (see above for OpenLDAP library
+version dependent behavior). The \fByes\fR setting corresponds to the
+\fBdemand\fR value of \fBTLS_REQCERT\fR in LDAP client configuration
+files.
+.sp
+The "try" and "allow" values of \fBTLS_REQCERT\fR have no equivalents
+here. They are not available with OpenLDAP 2.0, and in any case have
+questionable security properties. Either you want TLS verified LDAP
+connections, or you don't.
+.sp
+The \fByes\fR value only works correctly with Postfix 2.5 and later,
+or with OpenLDAP 2.0. Earlier Postfix releases or later OpenLDAP
+releases don't work together with this setting. Support for LDAP
+over TLS was added to Postfix based on the OpenLDAP 2.0 API.
+.IP "\fBtls_random_file (No default)\fR"
+Path of a file to obtain random bits from when /dev/[u]random
+is not available, to be used by the client in SSL/TLS
+connections.
+.IP "\fBtls_cipher_suite (No default)\fR"
+Cipher suite to use in SSL/TLS negotiations.
+.SH "EXAMPLE"
+.na
+.nf
+.ad
+.fi
+Here's a basic example for using LDAP to look up local(8)
+aliases.
+Assume that in main.cf, you have:
+
+.nf
+ alias_maps = hash:/etc/aliases,
+ ldap:/etc/postfix/ldap\-aliases.cf
+.fi
+
+and in ldap:/etc/postfix/ldap\-aliases.cf you have:
+
+.nf
+ server_host = ldap.example.com
+ search_base = dc=example, dc=com
+.fi
+
+Upon receiving mail for a local address "ldapuser" that
+isn't found in the /etc/aliases database, Postfix will
+search the LDAP server listening at port 389 on ldap.example.com.
+It will bind anonymously, search for any directory entries
+whose mailacceptinggeneralid attribute is "ldapuser", read
+the "maildrop" attributes of those found, and build a list
+of their maildrops, which will be treated as RFC822 addresses
+to which the message will be delivered.
+.SH "OBSOLETE MAIN.CF PARAMETERS"
+.na
+.nf
+.ad
+.fi
+For backwards compatibility with Postfix version 2.0 and earlier,
+LDAP parameters can also be defined in main.cf. Specify
+as LDAP source a name that doesn't begin with a slash or
+a dot. The LDAP parameters will then be accessible as the
+name you've given the source in its definition, an underscore,
+and the name of the parameter. For example, if the map is
+specified as "ldap:\fIldapsource\fR", the "server_host"
+parameter below would be defined in main.cf as
+"\fIldapsource\fR_server_host".
+
+Note: with this form, the passwords for the LDAP sources are
+written in main.cf, which is normally world\-readable. Support
+for this form will be removed in a future Postfix version.
+.SH "OTHER OBSOLETE FEATURES"
+.na
+.nf
+.ad
+.fi
+.IP "\fBresult_filter (No default)\fR"
+For backwards compatibility with the pre
+2.2 LDAP clients, \fBresult_filter\fR can for now be used instead
+of \fBresult_format\fR, when the latter parameter is not also set.
+The new name better reflects the function of the parameter. This
+compatibility interface may be removed in a future release.
+.SH "SEE ALSO"
+.na
+.nf
+postmap(1), Postfix lookup table manager
+postconf(5), configuration parameters
+mysql_table(5), MySQL lookup tables
+pgsql_table(5), PostgreSQL lookup tables
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+DATABASE_README, Postfix lookup table overview
+LDAP_README, Postfix LDAP client guide
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+.ad
+.fi
+Carsten Hoeger,
+Hery Rakotoarisoa,
+John Hensley,
+Keith Stevenson,
+LaMont Jones,
+Liviu Daia,
+Manuel Guesdon,
+Mike Mattice,
+Prabhat K Singh,
+Sami Haahtinen,
+Samuel Tardieu,
+Victor Duchovni,
+and many others.
diff --git a/man/man5/lmdb_table.5 b/man/man5/lmdb_table.5
new file mode 100644
index 0000000..c4c74d6
--- /dev/null
+++ b/man/man5/lmdb_table.5
@@ -0,0 +1,142 @@
+.TH LMDB_TABLE 5
+.ad
+.fi
+.SH NAME
+lmdb_table
+\-
+Postfix LMDB adapter
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostmap lmdb:/etc/postfix/\fIfilename\fR
+.br
+\fBpostmap \-i lmdb:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
+
+\fBpostmap \-d "\fIkey\fB" lmdb:/etc/postfix/\fIfilename\fR
+.br
+\fBpostmap \-d \- lmdb:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
+
+\fBpostmap \-q "\fIkey\fB" lmdb:/etc/postfix/\fIfilename\fR
+.br
+\fBpostmap \-q \- lmdb:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix LMDB adapter provides access to a persistent,
+memory\-mapped, key\-value store. The database size is limited
+only by the size of the memory address space (typically 31
+or 47 bits on 32\-bit or 64\-bit CPUs, respectively) and by
+the available file system space.
+.SH "REQUESTS"
+.na
+.nf
+.ad
+.fi
+The LMDB adapter supports all Postfix lookup table operations.
+This makes LMDB suitable for Postfix address rewriting,
+routing, access policies, caches, or any information that
+can be stored under a fixed lookup key.
+
+When a transaction fails due to a full database, Postfix
+resizes the database and retries the transaction.
+
+Postfix table lookups may generate partial search keys such
+as domain names without one or more subdomains, network
+addresses without one or more least\-significant octets, or
+email addresses without the localpart, address extension
+or domain portion. This behavior is also found with, for
+example, btree:, hash:, or ldap: tables.
+
+Changes to an LMDB database do not trigger an automatic
+daemon restart, and do not require a daemon restart with
+"\fBpostfix reload\fR".
+.SH "RELIABILITY"
+.na
+.nf
+.ad
+.fi
+LMDB's copy\-on\-write architecture provides safe updates,
+at the cost of using more space than some other flat\-file
+databases. Read operations are memory\-mapped for speed.
+Write operations are not memory\-mapped to avoid silent
+corruption due to stray pointer bugs.
+
+Multiple processes can safely update an LMDB database without
+serializing requests through the proxymap(8) service. This
+makes LMDB suitable as a shared cache for verify(8) or
+postscreen(8) services.
+.SH "SYNCHRONIZATION"
+.na
+.nf
+.ad
+.fi
+The Postfix LMDB adapter does not use LMDB's built\-in locking
+scheme, because that would require world\-writable lockfiles
+and would violate the Postfix security model. Instead,
+Postfix uses fcntl(2) locks with whole\-file granularity.
+Programs that use LMDB's built\-in locking protocol will
+corrupt a Postfix LMDB database or will read garbage.
+
+Every Postfix LMDB database read or write transaction must
+be protected from start to end with a shared or exclusive
+fcntl(2) lock. A writer may atomically downgrade an exclusive
+lock to a shared lock, but it must hold an exclusive lock
+while opening another write transaction.
+
+Note that fcntl(2) locks do not protect transactions within
+the same process against each other. If a program cannot
+avoid making simultaneous database requests, then it must
+protect its transactions with in\-process locks, in addition
+to the per\-process fcntl(2) locks.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+Short\-lived programs automatically pick up changes to
+main.cf. With long\-running daemon programs, Use the command
+"\fBpostfix reload\fR" after a configuration change.
+.IP "\fBlmdb_map_size (16777216)\fR"
+The initial OpenLDAP LMDB database size limit in bytes.
+.SH "SEE ALSO"
+.na
+.nf
+postconf(1), Postfix supported lookup tables
+postmap(1), Postfix lookup table maintenance
+postconf(5), configuration parameters
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+DATABASE_README, Postfix lookup table overview
+LMDB_README, Postfix OpenLDAP LMDB howto
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+LMDB support was introduced with Postfix version 2.11.
+.SH "AUTHOR(S)"
+.na
+.nf
+Howard Chu
+Symas Corporation
+
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man5/master.5 b/man/man5/master.5
new file mode 100644
index 0000000..48fd4fd
--- /dev/null
+++ b/man/man5/master.5
@@ -0,0 +1,270 @@
+.TH MASTER 5
+.ad
+.fi
+.SH NAME
+master
+\-
+Postfix master process configuration file format
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix mail system is implemented by small number of
+(mostly) client commands that are invoked by users, and by
+a larger number of services that run in the background.
+
+Postfix services are implemented by daemon processes. These
+run in the background, started on\-demand by the \fBmaster\fR(8)
+process. The master.cf configuration file defines how a
+client program connects to a service, and what daemon
+program runs when a service is requested. Most daemon
+processes are short\-lived and terminate voluntarily after
+serving \fBmax_use\fR clients, or after inactivity for
+\fBmax_idle\fR or more units of time.
+
+All daemons specified here must speak a Postfix\-internal
+protocol. In order to execute non\-Postfix software use the
+\fBlocal\fR(8), \fBpipe\fR(8) or \fBspawn\fR(8) services, or
+execute the software with \fBinetd\fR(8) or equivalent.
+.PP
+After changing master.cf you must execute "\fBpostfix reload\fR"
+to reload the configuration.
+.SH "SYNTAX"
+.na
+.nf
+.ad
+.fi
+The general format of the master.cf file is as follows:
+.IP \(bu
+Empty lines and whitespace\-only lines are ignored, as are
+lines whose first non\-whitespace character is a `#'.
+.IP \(bu
+A logical line starts with non\-whitespace text. A line that
+starts with whitespace continues a logical line.
+.IP \(bu
+Each logical line defines a single Postfix service.
+Each service is identified by its name and type as described
+below. When multiple lines specify the same service name
+and type, only the last one is remembered. Otherwise, the
+order of master.cf service definitions does not matter.
+.PP
+Each logical line consists of eight fields separated by
+whitespace. These are described below in the order as they
+appear in the master.cf file.
+
+Where applicable a field of "\-" requests that the built\-in
+default value be used. For boolean fields specify "y" or
+"n" to override the default value.
+.IP "\fBService name\fR"
+The service name syntax depends on the service type as
+described next.
+.IP "\fBService type\fR"
+Specify one of the following service types:
+.RS
+.IP \fBinet\fR
+The service listens on a TCP/IP socket and is accessible
+via the network.
+
+The service name is specified as \fIhost:port\fR, denoting
+the host and port on which new connections should be
+accepted. The host part (and colon) may be omitted. Either
+host or port may be given in symbolic form (see \fBhosts\fR(5) or
+\fBservices\fR(5)) or in numeric form (IP address or port number).
+Host information may be enclosed inside "[]"; this form
+is necessary only with IPv6 addresses.
+.sp
+Examples: a service named \fB127.0.0.1:smtp\fR or \fB::1:smtp\fR
+receives
+mail via the loopback interface only; and a service named
+\fB10025\fR accepts connections on TCP port 10025 via
+all interfaces configured with the \fBinet_interfaces\fR
+parameter.
+
+.sp
+Note: with Postfix version 2.2 and later specify
+"\fBinet_interfaces = loopback\-only\fR" in main.cf, instead
+of hard\-coding loopback IP address information in master.cf
+or in main.cf.
+.IP \fBunix\fR
+The service listens on a UNIX\-domain stream socket and is
+accessible for local clients only.
+
+The service name is a pathname relative to the Postfix
+queue directory (pathname controlled with the \fBqueue_directory\fR
+configuration parameter in main.cf).
+.sp
+On Solaris 8 and earlier systems the \fBunix\fR type is
+implemented with streams sockets.
+.IP \fBunix\-dgram\fR
+The service listens on a UNIX\-domain datagram socket and is
+accessible for local clients only.
+
+The service name is a pathname relative to the Postfix
+queue directory (pathname controlled with the \fBqueue_directory\fR
+configuration parameter in main.cf).
+.IP "\fBfifo\fR (obsolete)"
+The service listens on a FIFO (named pipe) and is accessible
+for local clients only.
+
+The service name is a pathname relative to the Postfix
+queue directory (pathname controlled with the \fBqueue_directory\fR
+configuration parameter in main.cf).
+.IP \fBpass\fR
+The service listens on a UNIX\-domain stream socket, and is
+accessible to local clients only. It receives one open
+connection (file descriptor passing) per connection request.
+
+The service name is a pathname relative to the Postfix
+queue directory (pathname controlled with the \fBqueue_directory\fR
+configuration parameter in main.cf).
+.sp
+On Solaris 8 and earlier systems the \fBpass\fR type is
+implemented with streams sockets.
+
+This feature is available as of Postfix version 2.5.
+.RE
+.IP "\fBPrivate (default: y)\fR"
+Whether a service is internal to Postfix (pathname starts
+with \fBprivate/\fR), or exposed through Postfix command\-line
+tools (pathname starts with \fBpublic/\fR).
+Internet (type \fBinet\fR) services can't be private.
+.IP "\fBUnprivileged (default: y)\fR"
+Whether the service runs with root privileges or as the
+owner of the Postfix system (the owner name is controlled
+by the \fBmail_owner\fR configuration variable in the
+main.cf file).
+.sp
+The \fBlocal\fR(8), \fBpipe\fR(8), \fBspawn\fR(8), and
+\fBvirtual\fR(8) daemons require privileges.
+.IP "\fBChroot (default: Postfix >= 3.0: n, Postfix < 3.0: y)\fR"
+Whether or not the service runs chrooted to the mail queue
+directory (pathname is controlled by the \fBqueue_directory\fR
+configuration variable in the main.cf file).
+.sp
+Chroot should not be used with the \fBlocal\fR(8),
+\fBpipe\fR(8), \fBspawn\fR(8), and \fBvirtual\fR(8) daemons.
+Although the
+\fBproxymap\fR(8) server can run chrooted, doing so defeats
+most of the purpose of having that service in the first
+place.
+.sp
+The files in the examples/chroot\-setup subdirectory of the
+Postfix source show how to set up a Postfix chroot environment
+on a variety of systems. See also BASIC_CONFIGURATION_README
+for issues related to running daemons chrooted.
+.IP "\fBWake up time (default: 0)\fR"
+Automatically wake up the named service after the specified
+number of seconds. The wake up is implemented by connecting
+to the service and sending a wake up request. A ? at the
+end of the wake\-up time field requests that no wake up
+events be sent before the first time a service is used.
+Specify 0 for no automatic wake up.
+.sp
+The \fBpickup\fR(8), \fBqmgr\fR(8) and \fBflush\fR(8)
+daemons require a wake up timer.
+.IP "\fBProcess limit (default: $default_process_limit)\fR"
+The maximum number of processes that may execute this
+service simultaneously. Specify 0 for no process count limit.
+.sp
+NOTE: Some Postfix services must be configured as a
+single\-process service (for example, \fBqmgr\fR(8)) and
+some services must be configured with no process limit (for
+example, \fBcleanup\fR(8)). These limits must not be
+changed.
+.IP "\fBCommand name + arguments\fR"
+The command to be executed. Characters that are special
+to the shell such as ">" or "|" have no special meaning
+here, and quotes cannot be used to protect arguments
+containing whitespace. To protect whitespace, use "{"
+and "}" as described below.
+.sp
+The command name is relative to the Postfix daemon directory
+(pathname is controlled by the \fBdaemon_directory\fR
+configuration variable).
+.sp
+The command argument syntax for specific commands is
+specified in the respective daemon manual page.
+.sp
+The following command\-line options have the same effect for
+all daemon programs:
+.RS
+.IP \fB\-D\fR
+Run the daemon under control by the command specified with
+the \fBdebugger_command\fR variable in the main.cf
+configuration file. See DEBUG_README for hints and tips.
+.IP "\fB\-o { \fIname\fR = \fIvalue\fB }\fR (long form, Postfix >= 3.0)"
+.IP "\fB\-o \fIname\fR=\fIvalue\fR (short form)"
+Override the named main.cf configuration parameter. The
+parameter value can refer to other parameters as \fI$name\fR
+etc., just like in main.cf. See \fBpostconf\fR(5) for
+syntax.
+.sp
+NOTE 1: With the "long form" shown above, whitespace
+after "{", around "=", and before "}" is ignored, and
+whitespace within the parameter value is preserved.
+.sp
+NOTE 2: with the "short form" shown above, do not specify
+whitespace around the "=" or in
+parameter values. To specify a parameter value that contains
+whitespace, use the long form described above, or use commas
+instead of spaces, or specify the value in main.cf. Example:
+.sp
+.nf
+/etc/postfix/master.cf:
+ submission inet .... smtpd
+ \-o smtpd_xxx_yyy=$submission_xxx_yyy
+.sp
+/etc/postfix/main.cf
+ submission_xxx_yyy = text with whitespace...
+.fi
+.sp
+NOTE 3: Over\-zealous use of parameter overrides makes the
+Postfix configuration hard to understand and maintain. At
+a certain point, it might be easier to configure multiple
+instances of Postfix, instead of configuring multiple
+personalities via master.cf.
+.IP \fB\-v\fR
+Increase the verbose logging level. Specify multiple \fB\-v\fR
+options to make a Postfix daemon process increasingly verbose.
+.IP "Other command\-line arguments"
+Specify "{" and "}" around command arguments that contain
+whitespace (Postfix 3.0 and later). Whitespace
+after "{" and before "}" is ignored.
+.SH "SEE ALSO"
+.na
+.nf
+master(8), process manager
+postconf(5), configuration parameters
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+BASIC_CONFIGURATION_README, basic configuration
+DEBUG_README, Postfix debugging
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Initial version by
+Magnus Baeck
+Lund Institute of Technology
+Sweden
+
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man5/memcache_table.5 b/man/man5/memcache_table.5
new file mode 100644
index 0000000..430f73c
--- /dev/null
+++ b/man/man5/memcache_table.5
@@ -0,0 +1,259 @@
+.TH MEMCACHE_TABLE 5
+.ad
+.fi
+.SH NAME
+memcache_table
+\-
+Postfix memcache client configuration
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostmap \-q "\fIstring\fB" memcache:/etc/postfix/\fIfilename\fR
+
+\fBpostmap \-q \- memcache:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix mail system uses optional tables for address
+rewriting or mail routing. These tables are usually in
+\fBdbm\fR or \fBdb\fR format.
+
+Alternatively, lookup tables can be specified as memcache
+instances. To use memcache lookups, define a memcache
+source as a lookup table in main.cf, for example:
+
+.nf
+ virtual_alias_maps = memcache:/etc/postfix/memcache\-aliases.cf
+.fi
+
+The file /etc/postfix/memcache\-aliases.cf has the same
+format as the Postfix main.cf file, and specifies the
+parameters described below.
+
+The Postfix memcache client supports the lookup, update,
+delete and sequence (first/next) operations. The sequence
+operation requires a backup database that supports the
+operation.
+.SH "MEMCACHE MAIN PARAMETERS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBmemcache (default: inet:localhost:11211)\fR"
+The memcache server (note: singular) that Postfix will try
+to connect to. For a TCP server specify "inet:" followed by
+a hostname or address, ":", and a port name or number.
+Specify an IPv6 address inside "[]".
+For a UNIX\-domain server specify "unix:" followed by the
+socket pathname. Examples:
+
+.nf
+ memcache = inet:memcache.example.com:11211
+ memcache = inet:127.0.0.1:11211
+ memcache = inet:[fc00:8d00:189::3]:11211
+ memcache = unix:/path/to/socket
+.fi
+
+NOTE: to access a UNIX\-domain socket with the proxymap(8)
+server, the socket must be accessible by the unprivileged
+postfix user.
+.IP "\fBbackup (default: undefined)\fR"
+An optional Postfix database that provides persistent backup
+for the memcache database. The Postfix memcache client will
+update the memcache database whenever it looks up or changes
+information in the persistent database. Specify a Postfix
+"type:table" database. Examples:
+
+.nf
+ # Non\-shared postscreen cache.
+ backup = btree:/var/lib/postfix/postscreen_cache_map
+
+ # Shared postscreen cache for processes on the same host.
+ backup = proxy:btree:/var/lib/postfix/postscreen_cache_map
+.fi
+
+Access to remote proxymap servers is under development.
+
+NOTE 1: When sharing a persistent \fBpostscreen\fR(8) or
+\fBverify\fR(8) cache, disable automatic cache cleanup (set
+*_cache_cleanup_interval = 0) except with one Postfix
+instance that will be responsible for cache cleanup.
+
+NOTE 2: When multiple tables share the same memcache
+database, each table should use the \fBkey_format\fR feature
+(see below) to prepend its own unique string to the lookup
+key. Otherwise, automatic \fBpostscreen\fR(8) or \fBverify\fR(8)
+cache cleanup may not work.
+
+NOTE 3: When the backup database is accessed with "proxy:"
+lookups, the full backup database name (including the
+"proxy:" prefix) must be specified in the proxymap server's
+proxy_read_maps or proxy_write_maps setting (depending on
+whether the access is read\-only or read\-write).
+.IP "\fBflags (default: 0)\fR"
+Optional flags that should be stored along with a memcache
+update. The flags are ignored when looking up information.
+.IP "\fBttl (default: 3600)\fR"
+The expiration time in seconds of memcache updates.
+
+NOTE 1: When using a memcache table as \fBpostscreen\fR(8)
+or \fBverify\fR(8) cache without persistent backup, specify
+a zero *_cache_cleanup_interval value with all Postfix
+instances that use the memcache, and specify the largest
+\fBpostscreen\fR(8) *_ttl value or \fBverify\fR(8) *_expire_time
+value as the memcache table's \fBttl\fR value.
+
+NOTE 2: According to memcache protocol documentation, a
+value greater than 30 days (2592000 seconds) specifies
+absolute UNIX
+time. Smaller values are relative to the time of the update.
+.SH "MEMCACHE KEY PARAMETERS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBkey_format (default: %s)\fB"
+Format of the lookup and update keys that the Postfix
+memcache client sends to the memcache server.
+By default, these are the same as the lookup and update
+keys that the memcache client receives from Postfix
+applications.
+
+NOTE 1: The \fBkey_format\fR feature is not used for \fBbackup\fR
+database requests.
+
+NOTE 2: When multiple tables share the same memcache
+database, each table should prepend its own unique string
+to the lookup key. Otherwise, automatic \fBpostscreen\fR(8)
+or \fBverify\fR(8) cache cleanup may not work.
+
+Examples:
+
+.nf
+ key_format = aliases:%s
+ key_format = verify:%s
+ key_format = postscreen:%s
+.fi
+
+The \fBkey_format\fR parameter supports the following '%'
+expansions:
+.RS
+.IP "\fB%%\fR"
+This is replaced by a literal '%' character.
+.IP "\fB%s\fR"
+This is replaced by the memcache client input key.
+.IP "\fB%u\fR"
+When the input key is an address of the form user@domain,
+\fB%u\fR is replaced by the SQL quoted local part of the
+address. Otherwise, \fB%u\fR is replaced by the entire
+search string. If the localpart is empty, a lookup is
+silently suppressed and returns no results (an update is
+skipped with a warning).
+.IP "\fB%d\fR"
+When the input key is an address of the form user@domain,
+\fB%d\fR is replaced by the domain part of the address.
+Otherwise, a lookup is silently suppressed and returns no
+results (an update is skipped with a warning).
+.IP "\fB%[SUD]\fR"
+The upper\-case equivalents of the above expansions behave
+in the \fBkey_format\fR parameter identically to their
+lower\-case counter\-parts.
+.IP "\fB%[1\-9]\fR"
+The patterns %1, %2, ... %9 are replaced by the corresponding
+most significant component of the input key's domain. If
+the input key is \fIuser@mail.example.com\fR, then %1 is
+\fBcom\fR, %2 is \fBexample\fR and %3 is \fBmail\fR. If the
+input key is unqualified or does not have enough domain
+components to satisfy all the specified patterns, a lookup
+is silently suppressed and returns no results (an update
+is skipped with a warning).
+.RE
+.IP "\fBdomain (default: no domain list)\fR"
+This feature can significantly reduce database server load.
+Specify a list of domain names, paths to files, or "type:table"
+databases.
+When specified, only fully qualified search keys with a
+*non\-empty* localpart and a matching domain are eligible
+for lookup or update: bare 'user' lookups, bare domain
+lookups and "@domain" lookups are silently skipped (updates
+are skipped with a warning). Example:
+
+.nf
+ domain = example.com, hash:/etc/postfix/searchdomains
+.fi
+.SH "MEMCACHE ERROR CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBdata_size_limit (default: 10240)\fR"
+The maximal memcache reply data length in bytes.
+.IP "\fBline_size_limit (default: 1024)\fR"
+The maximal memcache reply line length in bytes.
+.IP "\fBmax_try (default: 2)\fR"
+The number of times to try a memcache command before giving
+up. The memcache client does not retry a command when the
+memcache server accepts no connection.
+.IP "\fBretry_pause (default: 1)\fR"
+The time in seconds before retrying a failed memcache command.
+.IP "\fBtimeout (default: 2)\fR"
+The time limit for sending a memcache command and for
+receiving a memcache reply.
+.SH BUGS
+.ad
+.fi
+The Postfix memcache client cannot be used for security\-sensitive
+tables such as \fBalias_maps\fR (these may contain
+"\fI|command\fR and "\fI/file/name\fR" destinations), or
+\fBvirtual_uid_maps\fR, \fBvirtual_gid_maps\fR and
+\fBvirtual_mailbox_maps\fR (these specify UNIX process
+privileges or "\fI/file/name\fR" destinations). In a typical
+deployment a memcache database is writable by any process
+that can talk to the memcache server; in contrast,
+security\-sensitive tables must never be writable by the
+unprivileged Postfix user.
+
+The Postfix memcache client requires additional configuration
+when used as \fBpostscreen\fR(8) or \fBverify\fR(8) cache.
+For details see the \fBbackup\fR and \fBttl\fR parameter
+discussions in the MEMCACHE MAIN PARAMETERS section above.
+.SH "SEE ALSO"
+.na
+.nf
+postmap(1), Postfix lookup table manager
+postconf(5), configuration parameters
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+DATABASE_README, Postfix lookup table overview
+MEMCACHE_README, Postfix memcache client guide
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+.ad
+.fi
+Memcache support was introduced with Postfix version 2.9.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man5/mysql_table.5 b/man/man5/mysql_table.5
new file mode 100644
index 0000000..2b01aca
--- /dev/null
+++ b/man/man5/mysql_table.5
@@ -0,0 +1,431 @@
+.TH MYSQL_TABLE 5
+.ad
+.fi
+.SH NAME
+mysql_table
+\-
+Postfix MySQL client configuration
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostmap \-q "\fIstring\fB" mysql:/etc/postfix/\fIfilename\fR
+
+\fBpostmap \-q \- mysql:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix mail system uses optional tables for address
+rewriting or mail routing. These tables are usually in
+\fBdbm\fR or \fBdb\fR format.
+
+Alternatively, lookup tables can be specified as MySQL databases.
+In order to use MySQL lookups, define a MySQL source as a lookup
+table in main.cf, for example:
+.nf
+ alias_maps = mysql:/etc/postfix/mysql\-aliases.cf
+.fi
+
+The file /etc/postfix/mysql\-aliases.cf has the same format as
+the Postfix main.cf file, and can specify the parameters
+described below.
+.SH "LIST MEMBERSHIP"
+.na
+.nf
+.ad
+.fi
+When using SQL to store lists such as $mynetworks,
+$mydestination, $relay_domains, $local_recipient_maps,
+etc., it is important to understand that the table must
+store each list member as a separate key. The table lookup
+verifies the *existence* of the key. See "Postfix lists
+versus tables" in the DATABASE_README document for a
+discussion.
+
+Do NOT create tables that return the full list of domains
+in $mydestination or $relay_domains etc., or IP addresses
+in $mynetworks.
+
+DO create tables with each matching item as a key and with
+an arbitrary value. With SQL databases it is not uncommon to
+return the key itself or a constant value.
+.SH "MYSQL PARAMETERS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBhosts\fR"
+The hosts that Postfix will try to connect to and query from.
+Specify \fIunix:\fR for UNIX domain sockets, \fIinet:\fR for TCP
+connections (default). Examples:
+.nf
+ hosts = inet:host1.some.domain inet:host2.some.domain:port
+ hosts = host1.some.domain host2.some.domain:port
+ hosts = unix:/file/name
+.fi
+
+The hosts are tried in random order, with all connections over
+UNIX domain sockets being tried before those over TCP. The
+connections are automatically closed after being idle for about
+1 minute, and are re\-opened as necessary. Postfix versions 2.0
+and earlier do not randomize the host order.
+
+NOTE: if you specify localhost as a hostname (even if you
+prefix it with \fIinet:\fR), MySQL will connect to the default
+UNIX domain socket. In order to instruct MySQL to connect to
+localhost over TCP you have to specify
+.nf
+ hosts = 127.0.0.1
+.fi
+.IP "\fBuser\fR"
+.IP "\fBpassword\fR"
+The user name and password to log into the mysql server.
+Example:
+.nf
+ user = someone
+ password = some_password
+.fi
+.IP "\fBdbname\fR"
+The database name on the servers. Example:
+.nf
+ dbname = customer_database
+.fi
+.IP "\fBquery\fR"
+The SQL query template used to search the database, where \fB%s\fR
+is a substitute for the address Postfix is trying to resolve,
+e.g.
+.nf
+ query = SELECT replacement FROM aliases WHERE mailbox = '%s'
+.fi
+
+By default, every query must return a result set (instead
+of storing its results in a table); with "\fBrequire_result_set
+= no\fR" (Postfix 3.2 and later), the absence of a result
+set is treated as "not found".
+
+This parameter supports the following '%' expansions:
+.RS
+.IP "\fB%%\fR"
+This is replaced by a literal '%' character.
+.IP "\fB%s\fR"
+This is replaced by the input key.
+SQL quoting is used to make sure that the input key does not
+add unexpected metacharacters.
+.IP "\fB%u\fR"
+When the input key is an address of the form user@domain, \fB%u\fR
+is replaced by the SQL quoted local part of the address.
+Otherwise, \fB%u\fR is replaced by the entire search string.
+If the localpart is empty, the query is suppressed and returns
+no results.
+.IP "\fB%d\fR"
+When the input key is an address of the form user@domain, \fB%d\fR
+is replaced by the SQL quoted domain part of the address.
+Otherwise, the query is suppressed and returns no results.
+.IP "\fB%[SUD]\fR"
+The upper\-case equivalents of the above expansions behave in the
+\fBquery\fR parameter identically to their lower\-case counter\-parts.
+With the \fBresult_format\fR parameter (see below), they expand the
+input key rather than the result value.
+.IP "\fB%[1\-9]\fR"
+The patterns %1, %2, ... %9 are replaced by the corresponding
+most significant component of the input key's domain. If the
+input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR,
+%2 is \fBexample\fR and %3 is \fBmail\fR. If the input key is
+unqualified or does not have enough domain components to satisfy
+all the specified patterns, the query is suppressed and returns
+no results.
+.RE
+.IP
+The \fBdomain\fR parameter described below limits the input
+keys to addresses in matching domains. When the \fBdomain\fR
+parameter is non\-empty, SQL queries for unqualified addresses
+or addresses in non\-matching domains are suppressed
+and return no results.
+
+This parameter is available with Postfix 2.2. In prior releases
+the SQL query was built from the separate parameters:
+\fBselect_field\fR, \fBtable\fR, \fBwhere_field\fR and
+\fBadditional_conditions\fR. The mapping from the old parameters
+to the equivalent query is:
+
+.nf
+ SELECT [\fBselect_field\fR]
+ FROM [\fBtable\fR]
+ WHERE [\fBwhere_field\fR] = '%s'
+ [\fBadditional_conditions\fR]
+.fi
+
+The '%s' in the \fBWHERE\fR clause expands to the escaped search string.
+With Postfix 2.2 these legacy parameters are used if the \fBquery\fR
+parameter is not specified.
+
+NOTE: DO NOT put quotes around the query parameter.
+.IP "\fBresult_format (default: \fB%s\fR)\fR"
+Format template applied to result attributes. Most commonly used
+to append (or prepend) text to the result. This parameter supports
+the following '%' expansions:
+.RS
+.IP "\fB%%\fR"
+This is replaced by a literal '%' character.
+.IP "\fB%s\fR"
+This is replaced by the value of the result attribute. When
+result is empty it is skipped.
+.IP "\fB%u\fR
+When the result attribute value is an address of the form
+user@domain, \fB%u\fR is replaced by the local part of the
+address. When the result has an empty localpart it is skipped.
+.IP "\fB%d\fR"
+When a result attribute value is an address of the form
+user@domain, \fB%d\fR is replaced by the domain part of
+the attribute value. When the result is unqualified it
+is skipped.
+.IP "\fB%[SUD1\-9]\fR"
+The upper\-case and decimal digit expansions interpolate
+the parts of the input key rather than the result. Their
+behavior is identical to that described with \fBquery\fR,
+and in fact because the input key is known in advance, queries
+whose key does not contain all the information specified in
+the result template are suppressed and return no results.
+.RE
+.IP
+For example, using "result_format = smtp:[%s]" allows one
+to use a mailHost attribute as the basis of a transport(5)
+table. After applying the result format, multiple values
+are concatenated as comma separated strings. The expansion_limit
+and parameter explained below allows one to restrict the number
+of values in the result, which is especially useful for maps that
+must return at most one value.
+
+The default value \fB%s\fR specifies that each result value should
+be used as is.
+
+This parameter is available with Postfix 2.2 and later.
+
+NOTE: DO NOT put quotes around the result format!
+.IP "\fBdomain (default: no domain list)\fR"
+This is a list of domain names, paths to files, or "type:table"
+databases. When specified, only fully qualified search keys
+with a *non\-empty* localpart and a matching domain are
+eligible for lookup: 'user' lookups, bare domain lookups
+and "@domain" lookups are not performed. This can significantly
+reduce the query load on the MySQL server.
+.nf
+ domain = postfix.org, hash:/etc/postfix/searchdomains
+.fi
+
+It is best not to use SQL to store the domains eligible
+for SQL lookups.
+
+This parameter is available with Postfix 2.2 and later.
+
+NOTE: DO NOT define this parameter for local(8) aliases,
+because the input keys are always unqualified.
+.IP "\fBexpansion_limit (default: 0)\fR"
+A limit on the total number of result elements returned
+(as a comma separated list) by a lookup against the map.
+A setting of zero disables the limit. Lookups fail with a
+temporary error if the limit is exceeded. Setting the
+limit to 1 ensures that lookups do not return multiple
+values.
+.IP "\fBoption_file\fR"
+Read options from the given file instead of the default my.cnf
+location. This reads options from the \fB[client]\fR option
+group, optionally followed by options from the group given
+with \fBoption_group\fR.
+.sp
+This parameter is available with Postfix 2.11 and later.
+.IP "\fBoption_group (default: Postfix >=3.2: client, <= 3.1: empty)\fR"
+Read options from the given group of the mysql options file,
+after reading options from the \fB[client]\fR group.
+.sp
+Postfix 3.2 and later read \fB[client]\fR option group
+settings by default. To disable this specify no \fBoption_file\fR
+and specify "\fBoption_group =\fR" (i.e. an empty value).
+.sp
+Postfix 3.1 and earlier don't read \fB[client]\fR option
+group settings unless a non\-empty \fBoption_file\fR or
+\fBoption_group\fR value are specified. To enable this,
+specify, for example, "\fBoption_group = client\fR".
+.sp
+This parameter is available with Postfix 2.11 and later.
+.IP "\fBrequire_result_set (default: yes)\fR"
+If "\fByes\fR", require that every query returns a result
+set. If "\fBno\fR", treat the absence of a result set as
+"not found".
+.sp
+This parameter is available with Postfix 3.2 and later.
+.IP "\fBtls_cert_file\fR"
+File containing client's X509 certificate.
+.sp
+This parameter is available with Postfix 2.11 and later.
+.IP "\fBtls_key_file\fR"
+File containing the private key corresponding to \fBtls_cert_file\fR.
+.sp
+This parameter is available with Postfix 2.11 and later.
+.IP "\fBtls_CAfile\fR"
+File containing certificates for all of the X509 Certification
+Authorities the client will recognize. Takes precedence over
+\fBtls_CApath\fR.
+.sp
+This parameter is available with Postfix 2.11 and later.
+.IP "\fBtls_CApath\fR"
+Directory containing X509 Certification Authority certificates
+in separate individual files.
+.sp
+This parameter is available with Postfix 2.11 and later.
+.IP "\fBtls_ciphers\fR"
+The list of permissible ciphers for SSL encryption.
+.sp
+This parameter is available with Postfix 2.11 and later.
+.IP "\fBtls_verify_cert (default: no)\fR"
+Verify that the server's name matches the common name in the
+certificate.
+.sp
+This parameter is available with Postfix 2.11 and later.
+.SH "USING MYSQL STORED PROCEDURES"
+.na
+.nf
+.ad
+.fi
+Postfix 3.2 and later support calling a stored procedure
+instead of using a SELECT statement in the query, e.g.
+
+.nf
+ \fBquery\fR = CALL lookup('%s')
+.fi
+
+The previously described '%' expansions can be used in the
+parameter(s) to the stored procedure.
+
+By default, every stored procedure call must return a result
+set, i.e. every code path must execute a SELECT statement
+that returns a result set (instead of storing its results
+in a table). With "\fBrequire_result_set = no\fR", the
+absence of a result set is treated as "not found".
+
+A stored procedure must not return multiple result sets.
+That is, there must be no code path that executes multiple
+SELECT statements that return a result (instead of storing
+their results in a table).
+
+The following is an example of a stored procedure returning
+a single result set:
+
+.nf
+CREATE [DEFINER=`user`@`host`] PROCEDURE
+`lookup`(IN `param` VARCHAR(255))
+ READS SQL DATA
+ SQL SECURITY INVOKER
+ BEGIN
+ select goto from alias where address=param;
+ END
+.fi
+.SH "OBSOLETE MAIN.CF PARAMETERS"
+.na
+.nf
+.ad
+.fi
+For compatibility with other Postfix lookup tables, MySQL
+parameters can also be defined in main.cf. In order to do that,
+specify as MySQL source a name that doesn't begin with a slash
+or a dot. The MySQL parameters will then be accessible as the
+name you've given the source in its definition, an underscore,
+and the name of the parameter. For example, if the map is
+specified as "mysql:\fImysqlname\fR", the parameter "hosts"
+would be defined in main.cf as "\fImysqlname\fR_hosts".
+
+Note: with this form, the passwords for the MySQL sources are
+written in main.cf, which is normally world\-readable. Support
+for this form will be removed in a future Postfix version.
+.SH "OBSOLETE QUERY INTERFACE"
+.na
+.nf
+.ad
+.fi
+This section describes an interface that is deprecated as
+of Postfix 2.2. It is replaced by the more general \fBquery\fR
+interface described above. If the \fBquery\fR parameter
+is defined, the legacy parameters described here ignored.
+Please migrate to the new interface as the legacy interface
+may be removed in a future release.
+
+The following parameters can be used to fill in a
+SELECT template statement of the form:
+
+.nf
+ SELECT [\fBselect_field\fR]
+ FROM [\fBtable\fR]
+ WHERE [\fBwhere_field\fR] = '%s'
+ [\fBadditional_conditions\fR]
+.fi
+
+The specifier %s is replaced by the search string, and is
+escaped so if it contains single quotes or other odd characters,
+it will not cause a parse error, or worse, a security problem.
+.IP "\fBselect_field\fR"
+The SQL "select" parameter. Example:
+.nf
+ \fBselect_field\fR = forw_addr
+.fi
+.IP "\fBtable\fR"
+The SQL "select .. from" table name. Example:
+.nf
+ \fBtable\fR = mxaliases
+.fi
+.IP "\fBwhere_field\fR
+The SQL "select .. where" parameter. Example:
+.nf
+ \fBwhere_field\fR = alias
+.fi
+.IP "\fBadditional_conditions\fR
+Additional conditions to the SQL query. Example:
+.nf
+ \fBadditional_conditions\fR = AND status = 'paid'
+.fi
+.SH "SEE ALSO"
+.na
+.nf
+postmap(1), Postfix lookup table maintenance
+postconf(5), configuration parameters
+ldap_table(5), LDAP lookup tables
+pgsql_table(5), PostgreSQL lookup tables
+sqlite_table(5), SQLite lookup tables
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+DATABASE_README, Postfix lookup table overview
+MYSQL_README, Postfix MYSQL client guide
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+MySQL support was introduced with Postfix version 1.0.
+.SH "AUTHOR(S)"
+.na
+.nf
+Original implementation by:
+Scott Cotton, Joshua Marcus
+IC Group, Inc.
+
+Further enhancements by:
+Liviu Daia
+Institute of Mathematics of the Romanian Academy
+P.O. BOX 1\-764
+RO\-014700 Bucharest, ROMANIA
+
+Stored\-procedure support by John Fawcett.
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man5/nisplus_table.5 b/man/man5/nisplus_table.5
new file mode 100644
index 0000000..79176a1
--- /dev/null
+++ b/man/man5/nisplus_table.5
@@ -0,0 +1,106 @@
+.TH NISPLUS_TABLE 5
+.ad
+.fi
+.SH NAME
+nisplus_table
+\-
+Postfix NIS+ client
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostmap \-q "\fIstring\fB" "nisplus:[\fIname\fB=%s];\fIname.name.\fB"\fR
+
+\fBpostmap \-q \- "nisplus:[\fIname\fB=%s];\fIname.name.\fB" <\fIinputfile\fR
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix mail system uses optional lookup tables.
+These tables are usually in \fBdbm\fR or \fBdb\fR format.
+Alternatively, lookup tables can be specified as NIS+
+databases.
+
+To find out what types of lookup tables your Postfix system
+supports use the "\fBpostconf \-m\fR" command.
+
+To test Postfix NIS+ lookup tables, use the "\fBpostmap \-q\fR"
+command as described in the SYNOPSIS above.
+.SH "QUERY SYNTAX"
+.na
+.nf
+.ad
+.fi
+Most of the NIS+ query is specified via the NIS+ map name. The
+general format of a Postfix NIS+ map name is as follows:
+
+.fi
+ \fBnisplus:[\fIname\fB=%s];\fIname.name.name\fB.:\fIcolumn\fR
+.fi
+
+Postfix NIS+ map names differ from what one normally
+would use with commands such as \fBniscat\fR:
+.IP \(bu
+With each NIS+ table lookup, "\fB%s\fR" is replaced by a
+version of the lookup string. There can be only one
+"\fB%s\fR" instance in a Postfix NIS+ map name.
+.IP \(bu
+Postfix NIS+ map names use "\fB;\fR" instead of "\fB,\fR",
+because the latter character is special in the Postfix
+main.cf file. Postfix replaces "\fB;\fR" characters in
+the map name by "\fB,\fR" before making NIS+ queries.
+.IP \(bu
+The ":\fIcolumn\fR" part in the NIS+ map name is not part
+of the actual NIS+ query. Instead, it specifies the number
+of the table column that provides the lookup result. When
+no ":\fIcolumn\fR" is specified the first column (1) is used.
+.SH "EXAMPLE"
+.na
+.nf
+.ad
+.fi
+A NIS+ aliases map might be queried as follows:
+
+.nf
+ alias_maps = dbm:/etc/mail/aliases,
+ nisplus:[alias=%s];mail_aliases.org_dir.$mydomain.:1
+.fi
+
+This queries the local aliases file before the NIS+ file.
+.SH "SEE ALSO"
+.na
+.nf
+postmap(1), Postfix lookup table manager
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+DATABASE_README, Postfix lookup table overview
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Geoff Gibbs
+UK\-HGMP\-RC
+Hinxton
+Cambridge
+CB10 1SB, UK
+
+Adopted and adapted by:
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man5/pcre_table.5 b/man/man5/pcre_table.5
new file mode 100644
index 0000000..a9fd7b6
--- /dev/null
+++ b/man/man5/pcre_table.5
@@ -0,0 +1,275 @@
+.TH PCRE_TABLE 5
+.ad
+.fi
+.SH NAME
+pcre_table
+\-
+format of Postfix PCRE tables
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostmap \-q "\fIstring\fB" pcre:/etc/postfix/\fIfilename\fR
+
+\fBpostmap \-q \- pcre:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
+
+\fBpostmap \-hmq \- pcre:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
+
+\fBpostmap \-bmq \- pcre:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix mail system uses optional tables for address
+rewriting, mail routing, or access control. These tables
+are usually in \fBdbm\fR or \fBdb\fR format.
+
+Alternatively, lookup tables can be specified in Perl Compatible
+Regular Expression form. In this case, each input is compared
+against a list of patterns. When a match is found, the
+corresponding result is returned and the search is terminated.
+
+To find out what types of lookup tables your Postfix system
+supports use the "\fBpostconf \-m\fR" command.
+
+To test lookup tables, use the "\fBpostmap \-q\fR" command
+as described in the SYNOPSIS above. Use "\fBpostmap \-hmq
+\-\fR <\fIfile\fR" for header_checks(5) patterns, and
+"\fBpostmap \-bmq \-\fR <\fIfile\fR" for body_checks(5)
+(Postfix 2.6 and later).
+
+This driver can be built with the pcre2 library (Postfix
+3.7 and later), or with the legacy pcre library (all Postfix
+versions).
+.SH "COMPATIBILITY"
+.na
+.nf
+.ad
+.fi
+With Postfix version 2.2 and earlier specify "\fBpostmap
+\-fq\fR" to query a table that contains case sensitive
+patterns. Patterns are case insensitive by default.
+.SH "TABLE FORMAT"
+.na
+.nf
+.ad
+.fi
+The general form of a PCRE table is:
+.IP "\fB/\fIpattern\fB/\fIflags result\fR"
+When \fIpattern\fR matches the input string, use
+the corresponding \fIresult\fR value.
+.IP "\fB!/\fIpattern\fB/\fIflags result\fR"
+When \fIpattern\fR does \fBnot\fR match the input string, use
+the corresponding \fIresult\fR value.
+.IP "\fBif /\fIpattern\fB/\fIflags\fR"
+.IP "\fBendif\fR"
+If the input string matches /\fIpattern\fR/, then match that
+input string against the patterns between \fBif\fR and
+\fBendif\fR. The \fBif\fR..\fBendif\fR can nest.
+.sp
+Note: do not prepend whitespace to patterns inside
+\fBif\fR..\fBendif\fR.
+.sp
+This feature is available in Postfix 2.1 and later.
+.IP "\fBif !/\fIpattern\fB/\fIflags\fR"
+.IP "\fBendif\fR"
+If the input string does not match /\fIpattern\fR/, then
+match that input string against the patterns between \fBif\fR
+and \fBendif\fR. The \fBif\fR..\fBendif\fR can nest.
+.sp
+Note: do not prepend whitespace to patterns inside
+\fBif\fR..\fBendif\fR.
+.sp
+This feature is available in Postfix 2.1 and later.
+.IP "blank lines and comments"
+Empty lines and whitespace\-only lines are ignored, as
+are lines whose first non\-whitespace character is a `#'.
+.IP "multi\-line text"
+A logical line starts with non\-whitespace text. A line that
+starts with whitespace continues a logical line.
+.PP
+Each pattern is a perl\-like regular expression. The expression
+delimiter can be any non\-alphanumeric character, except
+whitespace or characters
+that have special meaning (traditionally the forward slash is used).
+The regular expression can contain whitespace.
+
+By default, matching is case\-insensitive, and newlines are not
+treated as special characters. The behavior is controlled by flags,
+which are toggled by appending one or more of the following
+characters after the pattern:
+.IP "\fBi\fR (default: on)"
+Toggles the case sensitivity flag. By default, matching is case
+insensitive.
+.IP "\fBm\fR (default: off)"
+Toggles the pcre MULTILINE flag. When this flag is on, the \fB^\fR
+and \fB$\fR metacharacters match immediately after and immediately
+before a newline character, respectively, in addition to
+matching at the start and end of the subject string.
+.IP "\fBs\fR (default: on)"
+Toggles the pcre DOTALL flag. When this flag is on, the \fB.\fR
+metacharacter matches the newline character. With
+Postfix versions prior to 2.0, the flag is off by
+default, which is inconvenient for multi\-line message header
+matching.
+.IP "\fBx\fR (default: off)"
+Toggles the pcre extended flag. When this flag is on, whitespace
+characters in the pattern (other than in a character class)
+are ignored. To include a whitespace character as part of
+the pattern, escape it with backslash.
+.sp
+Note: do not use \fB#\fIcomment\fR after patterns.
+.IP "\fBA\fR (default: off)"
+Toggles the pcre ANCHORED flag. When this flag is on,
+the pattern is forced to be "anchored", that is, it is
+constrained to match only at the start of the string which
+is being searched (the "subject string"). This effect can
+also be achieved by appropriate constructs in the pattern
+itself.
+.IP "\fBE\fR (default: off)"
+Toggles the pcre DOLLAR_ENDONLY flag. When this flag is on,
+a \fB$\fR metacharacter in the pattern matches only at the
+end of the subject string. Without this flag, a dollar also
+matches immediately before the final character if it is a
+newline character (but not before any other newline
+characters). This flag is ignored if the pcre MULTILINE
+flag is set.
+.IP "\fBU\fR (default: off)"
+Toggles the pcre UNGREEDY flag. When this flag is on,
+the pattern matching engine inverts the "greediness" of
+the quantifiers so that they are not greedy by default,
+but become greedy if followed by "?". This flag can also
+set by a (?U) modifier within the pattern.
+.IP "\fBX\fR (default: off)"
+Toggles the pcre EXTRA flag.
+When this flag is on, any backslash in a pattern that is
+followed by a letter that has no special meaning causes an
+error, thus reserving these combinations for future expansion.
+
+This feature is not supported with PCRE2.
+.SH "SEARCH ORDER"
+.na
+.nf
+.ad
+.fi
+Patterns are applied in the order as specified in the table, until a
+pattern is found that matches the input string.
+
+Each pattern is applied to the entire input string.
+Depending on the application, that string is an entire client
+hostname, an entire client IP address, or an entire mail address.
+Thus, no parent domain or parent network search is done, and
+\fIuser@domain\fR mail addresses are not broken up into their
+\fIuser\fR and \fIdomain\fR constituent parts, nor is \fIuser+foo\fR
+broken up into \fIuser\fR and \fIfoo\fR.
+.SH "TEXT SUBSTITUTION"
+.na
+.nf
+.ad
+.fi
+Substitution of substrings (text that matches patterns
+inside "()") from the matched expression into the result
+string is requested with $1, $2, etc.; specify $$ to produce
+a $ character as output.
+The macros in the result string may need to be written as
+${n} or $(n) if they aren't followed by whitespace.
+This feature does not support pcre2 substring names.
+
+Note: since negated patterns (those preceded by \fB!\fR) return a
+result when the expression does not match, substitutions are not
+available for negated patterns.
+.SH "INLINE SPECIFICATION"
+.na
+.nf
+.ad
+.fi
+The contents of a table may be specified in the table name
+(Postfix 3.7 and later).
+The basic syntax is:
+
+.nf
+main.cf:
+ \fIparameter\fR \fB= .. pcre:{ { \fIrule\-1\fB }, { \fIrule\-2\fB } .. } ..\fR
+
+master.cf:
+ \fB.. \-o { \fIparameter\fR \fB= .. pcre:{ { \fIrule\-1\fB }, { \fIrule\-2\fB } .. } .. } ..\fR
+.fi
+
+Postfix ignores whitespace after '{' and before '}', and
+writes each \fIrule\fR as one text line to an in\-memory
+file:
+
+.nf
+in\-memory file:
+ rule\-1
+ rule\-2
+ ..
+.fi
+
+Postfix parses the result as if it is a file in /etc/postfix.
+
+Note: if a rule contains \fB$\fR, specify \fB$$\fR to keep
+Postfix from trying to do \fI$name\fR expansion as it
+evaluates a parameter value.
+.SH "EXAMPLE SMTPD ACCESS MAP"
+.na
+.nf
+# Protect your outgoing majordomo exploders
+/^(?!owner\-)(.*)\-outgoing@(.*)/ 550 Use ${1}@${2} instead
+
+# Bounce friend@whatever, except when whatever is our domain (you would
+# be better just bouncing all friend@ mail \- this is just an example).
+/^(friend@(?!my\\.domain$).*)$/ 550 Stick this in your pipe $1
+
+# A multi\-line entry. The text is sent as one line.
+#
+/^noddy@my\\.domain$/
+\ 550 This user is a funny one. You really don't want to send mail to
+\ them as it only makes their head spin.
+.SH "EXAMPLE HEADER FILTER MAP"
+.na
+.nf
+/^Subject: make money fast/ REJECT
+/^To: friend@public\\.com/ REJECT
+.SH "EXAMPLE BODY FILTER MAP"
+.na
+.nf
+# First skip over base 64 encoded text to save CPU cycles.
+# Requires PCRE version 3.
+~^[[:alnum:]+/]{60,}$~ OK
+
+# Put your own body patterns here.
+.SH "SEE ALSO"
+.na
+.nf
+postmap(1), Postfix lookup table manager
+postconf(5), configuration parameters
+regexp_table(5), format of POSIX regular expression tables
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+DATABASE_README, Postfix lookup table overview
+.SH "AUTHOR(S)"
+.na
+.nf
+The PCRE table lookup code was originally written by:
+Andrew McNamara
+andrewm@connect.com.au
+connect.com.au Pty. Ltd.
+Level 3, 213 Miller St
+North Sydney, NSW, Australia
+
+Adopted and adapted by:
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man5/pgsql_table.5 b/man/man5/pgsql_table.5
new file mode 100644
index 0000000..00a2da3
--- /dev/null
+++ b/man/man5/pgsql_table.5
@@ -0,0 +1,353 @@
+.TH PGSQL_TABLE 5
+.ad
+.fi
+.SH NAME
+pgsql_table
+\-
+Postfix PostgreSQL client configuration
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostmap \-q "\fIstring\fB" pgsql:/etc/postfix/\fIfilename\fR
+
+\fBpostmap \-q \- pgsql:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix mail system uses optional tables for address
+rewriting or mail routing. These tables are usually in
+\fBdbm\fR or \fBdb\fR format.
+
+Alternatively, lookup tables can be specified as PostgreSQL
+databases. In order to use PostgreSQL lookups, define a
+PostgreSQL source as a lookup table in main.cf, for example:
+.nf
+ alias_maps = pgsql:/etc/postfix/pgsql\-aliases.cf
+.fi
+
+The file /etc/postfix/pgsql\-aliases.cf has the same format as
+the Postfix main.cf file, and can specify the parameters
+described below.
+.SH "LIST MEMBERSHIP"
+.na
+.nf
+.ad
+.fi
+When using SQL to store lists such as $mynetworks,
+$mydestination, $relay_domains, $local_recipient_maps,
+etc., it is important to understand that the table must
+store each list member as a separate key. The table lookup
+verifies the *existence* of the key. See "Postfix lists
+versus tables" in the DATABASE_README document for a
+discussion.
+
+Do NOT create tables that return the full list of domains
+in $mydestination or $relay_domains etc., or IP addresses
+in $mynetworks.
+
+DO create tables with each matching item as a key and with
+an arbitrary value. With SQL databases it is not uncommon to
+return the key itself or a constant value.
+.SH "PGSQL PARAMETERS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBhosts\fR"
+The hosts that Postfix will try to connect to and query
+from. Besides a \fBpostgresql://\fR connection URI, this
+setting supports the historical forms \fBunix:/\fIpathname\fR
+for UNIX\-domain sockets and \fBinet:\fIhost:port\fR for TCP
+connections, where the \fBunix:\fR and \fBinet:\fR prefixes
+are accepted and ignored for backwards compatibility.
+Examples:
+.nf
+ hosts = postgresql://username@example.com/tablename?sslmode=require
+ hosts = inet:host1.some.domain inet:host2.some.domain:port
+ hosts = host1.some.domain host2.some.domain:port
+ hosts = unix:/file/name
+.fi
+
+The hosts are tried in random order. The connections are
+automatically closed after being idle for about 1 minute,
+and are re\-opened as necessary.
+.IP "\fBuser\fR"
+.IP "\fBpassword\fR"
+The user name and password to log into the pgsql server.
+Example:
+.nf
+ user = someone
+ password = some_password
+.fi
+.IP "\fBdbname\fR"
+The database name on the servers. Example:
+.nf
+ dbname = customer_database
+.fi
+.IP "\fBencoding\fR"
+The encoding used by the database client. The default setting
+is:
+.nf
+ encoding = UTF8
+.fi
+Historically, the database client was hard coded to use
+LATIN1 in an attempt to disable multibyte character support.
+
+This feature is available in Postfix 3.8 and later.
+.IP "\fBquery\fR"
+The SQL query template used to search the database, where \fB%s\fR
+is a substitute for the address Postfix is trying to resolve,
+e.g.
+.nf
+ query = SELECT replacement FROM aliases WHERE mailbox = '%s'
+.fi
+
+This parameter supports the following '%' expansions:
+.RS
+.IP "\fB%%\fR"
+This is replaced by a literal '%' character. (Postfix 2.2 and later)
+.IP "\fB%s\fR"
+This is replaced by the input key.
+SQL quoting is used to make sure that the input key does not
+add unexpected metacharacters.
+.IP "\fB%u\fR"
+When the input key is an address of the form user@domain, \fB%u\fR
+is replaced by the SQL quoted local part of the address.
+Otherwise, \fB%u\fR is replaced by the entire search string.
+If the localpart is empty, the query is suppressed and returns
+no results.
+.IP "\fB%d\fR"
+When the input key is an address of the form user@domain, \fB%d\fR
+is replaced by the SQL quoted domain part of the address.
+Otherwise, the query is suppressed and returns no results.
+.IP "\fB%[SUD]\fR"
+The upper\-case equivalents of the above expansions behave in the
+\fBquery\fR parameter identically to their lower\-case counter\-parts.
+With the \fBresult_format\fR parameter (see below), they expand the
+input key rather than the result value.
+.IP
+The above %S, %U and %D expansions are available with Postfix 2.2
+and later
+.IP "\fB%[1\-9]\fR"
+The patterns %1, %2, ... %9 are replaced by the corresponding
+most significant component of the input key's domain. If the
+input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR,
+%2 is \fBexample\fR and %3 is \fBmail\fR. If the input key is
+unqualified or does not have enough domain components to satisfy
+all the specified patterns, the query is suppressed and returns
+no results.
+.IP
+The above %1, ... %9 expansions are available with Postfix 2.2
+and later
+.RE
+.IP
+The \fBdomain\fR parameter described below limits the input
+keys to addresses in matching domains. When the \fBdomain\fR
+parameter is non\-empty, SQL queries for unqualified addresses
+or addresses in non\-matching domains are suppressed
+and return no results.
+
+The precedence of this parameter has changed with Postfix 2.2,
+in prior releases the precedence was, from highest to lowest,
+\fBselect_function\fR, \fBquery\fR, \fBselect_field\fR, ...
+
+With Postfix 2.2 the \fBquery\fR parameter has highest precedence,
+see OBSOLETE QUERY INTERFACES below.
+
+NOTE: DO NOT put quotes around the \fBquery\fR parameter.
+.IP "\fBresult_format (default: \fB%s\fR)\fR"
+Format template applied to result attributes. Most commonly used
+to append (or prepend) text to the result. This parameter supports
+the following '%' expansions:
+.RS
+.IP "\fB%%\fR"
+This is replaced by a literal '%' character.
+.IP "\fB%s\fR"
+This is replaced by the value of the result attribute. When
+result is empty it is skipped.
+.IP "\fB%u\fR
+When the result attribute value is an address of the form
+user@domain, \fB%u\fR is replaced by the local part of the
+address. When the result has an empty localpart it is skipped.
+.IP "\fB%d\fR"
+When a result attribute value is an address of the form
+user@domain, \fB%d\fR is replaced by the domain part of
+the attribute value. When the result is unqualified it
+is skipped.
+.IP "\fB%[SUD1\-9]\fR"
+The upper\-case and decimal digit expansions interpolate
+the parts of the input key rather than the result. Their
+behavior is identical to that described with \fBquery\fR,
+and in fact because the input key is known in advance, queries
+whose key does not contain all the information specified in
+the result template are suppressed and return no results.
+.RE
+.IP
+For example, using "result_format = smtp:[%s]" allows one
+to use a mailHost attribute as the basis of a transport(5)
+table. After applying the result format, multiple values
+are concatenated as comma separated strings. The expansion_limit
+and parameter explained below allows one to restrict the number
+of values in the result, which is especially useful for maps that
+must return at most one value.
+
+The default value \fB%s\fR specifies that each result value should
+be used as is.
+
+This parameter is available with Postfix 2.2 and later.
+
+NOTE: DO NOT put quotes around the result format!
+.IP "\fBdomain (default: no domain list)\fR"
+This is a list of domain names, paths to files, or "type:table"
+databases. When specified, only fully qualified search
+keys with a *non\-empty* localpart and a matching domain
+are eligible for lookup: 'user' lookups, bare domain lookups
+and "@domain" lookups are not performed. This can significantly
+reduce the query load on the PostgreSQL server.
+.nf
+ domain = postfix.org, hash:/etc/postfix/searchdomains
+.fi
+
+It is best not to use SQL to store the domains eligible
+for SQL lookups.
+
+This parameter is available with Postfix 2.2 and later.
+
+NOTE: DO NOT define this parameter for local(8) aliases,
+because the input keys are always unqualified.
+.IP "\fBexpansion_limit (default: 0)\fR"
+A limit on the total number of result elements returned
+(as a comma separated list) by a lookup against the map.
+A setting of zero disables the limit. Lookups fail with a
+temporary error if the limit is exceeded. Setting the
+limit to 1 ensures that lookups do not return multiple
+values.
+.SH "OBSOLETE MAIN.CF PARAMETERS"
+.na
+.nf
+.ad
+.fi
+For compatibility with other Postfix lookup tables, PostgreSQL
+parameters can also be defined in main.cf. In order to do
+that, specify as PostgreSQL source a name that doesn't begin
+with a slash or a dot. The PostgreSQL parameters will then
+be accessible as the name you've given the source in its
+definition, an underscore, and the name of the parameter. For
+example, if the map is specified as "pgsql:\fIpgsqlname\fR",
+the parameter "hosts" would be defined in main.cf as
+"\fIpgsqlname\fR_hosts".
+
+Note: with this form, the passwords for the PostgreSQL sources
+are written in main.cf, which is normally world\-readable.
+Support for this form will be removed in a future Postfix
+version.
+.SH "OBSOLETE QUERY INTERFACES"
+.na
+.nf
+.ad
+.fi
+This section describes query interfaces that are deprecated
+as of Postfix 2.2. Please migrate to the new \fBquery\fR
+interface as the old interfaces are slated to be phased
+out.
+.IP "\fBselect_function\fR"
+This parameter specifies a database function name. Example:
+.nf
+ select_function = my_lookup_user_alias
+.fi
+
+This is equivalent to:
+.nf
+ query = SELECT my_lookup_user_alias('%s')
+.fi
+
+This parameter overrides the legacy table\-related fields (described
+below). With Postfix versions prior to 2.2, it also overrides the
+\fBquery\fR parameter. Starting with Postfix 2.2, the \fBquery\fR
+parameter has highest precedence, and the \fBselect_function\fR
+parameter is deprecated.
+.PP
+The following parameters (with lower precedence than the
+\fBselect_function\fR interface described above) can be used to
+build the SQL select statement as follows:
+
+.nf
+ SELECT [\fBselect_field\fR]
+ FROM [\fBtable\fR]
+ WHERE [\fBwhere_field\fR] = '%s'
+ [\fBadditional_conditions\fR]
+.fi
+
+The specifier %s is replaced with each lookup by the lookup key
+and is escaped so if it contains single quotes or other odd
+characters, it will not cause a parse error, or worse, a security
+problem.
+
+Starting with Postfix 2.2, this interface is obsoleted by the more
+general \fBquery\fR interface described above. If higher precedence
+the \fBquery\fR or \fBselect_function\fR parameters described above
+are defined, the parameters described here are ignored.
+.IP "\fBselect_field\fR"
+The SQL "select" parameter. Example:
+.nf
+ \fBselect_field\fR = forw_addr
+.fi
+.IP "\fBtable\fR"
+The SQL "select .. from" table name. Example:
+.nf
+ \fBtable\fR = mxaliases
+.fi
+.IP "\fBwhere_field\fR
+The SQL "select .. where" parameter. Example:
+.nf
+ \fBwhere_field\fR = alias
+.fi
+.IP "\fBadditional_conditions\fR
+Additional conditions to the SQL query. Example:
+.nf
+ \fBadditional_conditions\fR = AND status = 'paid'
+.fi
+.SH "SEE ALSO"
+.na
+.nf
+postmap(1), Postfix lookup table manager
+postconf(5), configuration parameters
+ldap_table(5), LDAP lookup tables
+mysql_table(5), MySQL lookup tables
+sqlite_table(5), SQLite lookup tables
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+DATABASE_README, Postfix lookup table overview
+PGSQL_README, Postfix PostgreSQL client guide
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+PgSQL support was introduced with Postfix version 2.1.
+.SH "AUTHOR(S)"
+.na
+.nf
+Based on the MySQL client by:
+Scott Cotton, Joshua Marcus
+IC Group, Inc.
+
+Ported to PostgreSQL by:
+Aaron Sethman
+
+Further enhanced by:
+Liviu Daia
+Institute of Mathematics of the Romanian Academy
+P.O. BOX 1\-764
+RO\-014700 Bucharest, ROMANIA
diff --git a/man/man5/postconf.5 b/man/man5/postconf.5
new file mode 100644
index 0000000..196a700
--- /dev/null
+++ b/man/man5/postconf.5
@@ -0,0 +1,15683 @@
+.TH POSTCONF 5
+.SH NAME
+postconf
+\-
+Postfix configuration parameters
+.SH SYNOPSIS
+.na
+.nf
+\fBpostconf\fR \fIparameter\fR ...
+
+\fBpostconf \-e\fR "\fIparameter=value\fR" ...
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix main.cf configuration file specifies parameters that
+control the operation of the Postfix mail system. Typically the
+file contains only a small subset of all parameters; parameters
+not specified are left at their default values.
+.PP
+The general format of the main.cf file is as follows:
+.IP \(bu
+Each logical line has the form "parameter = value".
+Whitespace around the "=" is ignored, as is whitespace at the
+end of a logical line.
+.IP \(bu
+Empty lines and whitespace-only lines are ignored, as are lines
+whose first non-whitespace character is a `#'.
+.IP \(bu
+A logical line starts with non-whitespace text. A line that starts
+with whitespace continues a logical line.
+.IP \(bu
+A parameter value may refer to other parameters.
+.RS
+.IP \(bu
+The expressions "$name" and "${name}" are recursively replaced with
+the value of the named parameter. The parameter name must contain
+only characters from the set [a-zA-Z0-9_]. An undefined parameter
+value is replaced with the empty value.
+.IP \(bu
+The expressions "${name?value}" and "${name?{value}}" are replaced
+with "value" when "$name" is non-empty. The parameter name must
+contain only characters from the set [a-zA-Z0-9_]. These forms are
+supported with Postfix versions >= 2.2 and >= 3.0, respectively.
+.IP \(bu
+The expressions "${name:value}" and "${name:{value}}" are replaced
+with "value" when "$name" is empty. The parameter name must contain
+only characters from the set [a-zA-Z0-9_]. These forms are supported
+with Postfix versions >= 2.2 and >= 3.0, respectively.
+.IP \(bu
+The expression "${name?{value1}:{value2}}" is replaced with "value1"
+when "$name" is non-empty, and with "value2" when "$name" is empty.
+The "{}" is required for "value1", optional for "value2". The
+parameter name must contain only characters from the set [a-zA-Z0-9_].
+This form is supported with Postfix versions >= 3.0.
+.IP \(bu
+The first item inside "${...}" may be a relational expression of the
+form: "{value3} == {value4}". Besides the "==" (equality) operator
+Postfix supports "!=" (inequality), "<", "<=", ">=", and ">". The
+comparison is numerical when both operands are all digits, otherwise
+the comparison is lexicographical. These forms are supported with
+Postfix versions >= 3.0.
+.IP \(bu
+Each "value" is subject to recursive named parameter and relational
+expression evaluation, except where noted.
+.IP \(bu
+Whitespace before or after each "{value}" is ignored.
+.IP \(bu
+Specify "$$" to produce a single "$" character.
+.IP \(bu
+The legacy form "$(...)" is equivalent to the preferred form "${...}".
+.RE
+.IP \(bu
+When the same parameter is defined multiple times, only the last
+instance is remembered.
+.IP \(bu
+Otherwise, the order of main.cf parameter definitions does not matter.
+.PP
+The remainder of this document is a description of all Postfix
+configuration parameters. Default values are shown after the
+parameter name in parentheses, and can be looked up with the
+"\fBpostconf \-d\fR" command.
+.PP
+Note: this is not an invitation to make changes to Postfix
+configuration parameters. Unnecessary changes can impair the
+operation of the mail system.
+.SH 2bounce_notice_recipient (default: postmaster)
+The recipient of undeliverable mail that cannot be returned to
+the sender. This feature is enabled with the notify_classes
+parameter.
+.SH access_map_defer_code (default: 450)
+The numerical Postfix SMTP server response code for
+an \fBaccess\fR(5) map "defer" action, including "defer_if_permit"
+or "defer_if_reject". Prior to Postfix 2.6, the response
+is hard\-coded as "450".
+.PP
+Do not change this unless you have a complete understanding of RFC 5321.
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH access_map_reject_code (default: 554)
+The numerical Postfix SMTP server response code for
+an \fBaccess\fR(5) map "reject" action.
+.PP
+Do not change this unless you have a complete understanding of RFC 5321.
+.SH address_verify_cache_cleanup_interval (default: 12h)
+The amount of time between \fBverify\fR(8) address verification
+database cleanup runs. This feature requires that the database
+supports the "delete" and "sequence" operators. Specify a zero
+interval to disable database cleanup.
+.PP
+After each database cleanup run, the \fBverify\fR(8) daemon logs the
+number of entries that were retained and dropped. A cleanup run is
+logged as "partial" when the daemon terminates early after "\fBpostfix
+reload\fR", "\fBpostfix stop\fR", or no requests for $max_idle
+seconds.
+.PP
+Specify a non\-negative time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is h (hours).
+.PP
+This feature is available in Postfix 2.7.
+.SH address_verify_default_transport (default: $default_transport)
+Overrides the default_transport parameter setting for address
+verification probes.
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH address_verify_local_transport (default: $local_transport)
+Overrides the local_transport parameter setting for address
+verification probes.
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH address_verify_map (default: see "postconf \-d" output)
+Lookup table for persistent address verification status
+storage. The table is maintained by the \fBverify\fR(8) service, and
+is opened before the process releases privileges.
+.PP
+The lookup table is persistent by default (Postfix 2.7 and later).
+Specify an empty table name to keep the information in volatile
+memory which is lost after "\fBpostfix reload\fR" or "\fBpostfix
+stop\fR". This is the default with Postfix version 2.6 and earlier.
+.PP
+Specify a location in a file system that will not fill up. If the
+database becomes corrupted, the world comes to an end. To recover,
+delete (NOT: truncate) the file and do "\fBpostfix reload\fR".
+.PP
+Postfix daemon processes do not use root privileges when opening
+this file (Postfix 2.5 and later). The file must therefore be
+stored under a Postfix\-owned directory such as the data_directory.
+As a migration aid, an attempt to open the file under a non\-Postfix
+directory is redirected to the Postfix\-owned data_directory, and a
+warning is logged.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+address_verify_map = hash:/var/lib/postfix/verify
+address_verify_map = btree:/var/lib/postfix/verify
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH address_verify_negative_cache (default: yes)
+Enable caching of failed address verification probe results. When
+this feature is enabled, the cache may pollute quickly with garbage.
+When this feature is disabled, Postfix will generate an address
+probe for every lookup.
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH address_verify_negative_expire_time (default: 3d)
+The time after which a failed probe expires from the address
+verification cache.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is d (days).
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH address_verify_negative_refresh_time (default: 3h)
+The time after which a failed address verification probe needs to
+be refreshed.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is h (hours).
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH address_verify_pending_request_limit (default: see "postconf \-d" output)
+A safety limit that prevents address verification requests from
+overwhelming the Postfix queue. By default, the number of pending
+requests is limited to 1/4 of the active queue maximum size
+(qmgr_message_active_limit). The queue manager enforces the limit
+by tempfailing requests that exceed the limit. This affects only
+unknown addresses and inactive addresses that have expired, because
+the \fBverify\fR(8) daemon automatically refreshes an active address
+before it expires.
+.PP
+This feature is available in Postfix 3.1 and later.
+.SH address_verify_poll_count (default: normal: 3, overload: 1)
+How many times to query the \fBverify\fR(8) service for the completion
+of an address verification request in progress.
+.PP
+By default, the Postfix SMTP server polls the \fBverify\fR(8) service
+up to three times under non\-overload conditions, and only once when
+under overload. With Postfix version 2.5 and earlier, the SMTP
+server always polls the \fBverify\fR(8) service up to three times by
+default.
+.PP
+Specify 1 to implement a crude form of greylisting, that is, always
+defer the first delivery request for a new address.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+# Postfix <= 2.6 default
+address_verify_poll_count = 3
+# Poor man's greylisting
+address_verify_poll_count = 1
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH address_verify_poll_delay (default: 3s)
+The delay between queries for the completion of an address
+verification request in progress.
+.PP
+The default polling delay is 3 seconds.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH address_verify_positive_expire_time (default: 31d)
+The time after which a successful probe expires from the address
+verification cache.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is d (days).
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH address_verify_positive_refresh_time (default: 7d)
+The time after which a successful address verification probe needs
+to be refreshed. The address verification status is not updated
+when the probe fails (optimistic caching).
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is d (days).
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH address_verify_relay_transport (default: $relay_transport)
+Overrides the relay_transport parameter setting for address
+verification probes.
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH address_verify_relayhost (default: $relayhost)
+Overrides the relayhost parameter setting for address verification
+probes. This information can be overruled with the \fBtransport\fR(5) table.
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH address_verify_sender (default: $double_bounce_sender)
+The sender address to use in address verification probes; prior
+to Postfix 2.5 the default was "postmaster". To
+avoid problems with address probes that are sent in response to
+address probes, the Postfix SMTP server excludes the probe sender
+address from all SMTPD access blocks.
+.PP
+Specify an empty value (address_verify_sender =) or <> if you want
+to use the null sender address. Beware, some sites reject mail from
+<>, even though RFCs require that such addresses be accepted.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+address_verify_sender = <>
+address_verify_sender = postmaster@mydomain
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH address_verify_sender_dependent_default_transport_maps (default: $sender_dependent_default_transport_maps)
+Overrides the sender_dependent_default_transport_maps parameter
+setting for address verification probes.
+.PP
+This feature is available in Postfix 2.7 and later.
+.SH address_verify_sender_dependent_relayhost_maps (default: $sender_dependent_relayhost_maps)
+Overrides the sender_dependent_relayhost_maps parameter setting for address
+verification probes.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH address_verify_sender_ttl (default: 0s)
+The time between changes in the time\-dependent portion of address
+verification probe sender addresses. The time\-dependent portion is
+appended to the localpart of the address specified with the
+address_verify_sender parameter. This feature is ignored when the
+probe sender addresses is the null sender, i.e. the address_verify_sender
+value is empty or <>.
+.PP
+Historically, the probe sender address was fixed. This has
+caused such addresses to end up on spammer mailing lists, and has
+resulted in wasted network and processing resources.
+.PP
+To enable time\-dependent probe sender addresses, specify a
+non\-zero time value. Specify a value of at least several hours,
+to avoid problems with senders that use greylisting. Avoid nice
+TTL values, to make the result less predictable.
+.PP
+Specify a non\-negative time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.9 and later.
+.SH address_verify_service_name (default: verify)
+The name of the \fBverify\fR(8) address verification service. This service
+maintains the status of sender and/or recipient address verification
+probes, and generates probes on request by other Postfix processes.
+.SH address_verify_transport_maps (default: $transport_maps)
+Overrides the transport_maps parameter setting for address verification
+probes.
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH address_verify_virtual_transport (default: $virtual_transport)
+Overrides the virtual_transport parameter setting for address
+verification probes.
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH alias_database (default: see "postconf \-d" output)
+The alias databases for \fBlocal\fR(8) delivery that are updated with
+"\fBnewaliases\fR" or with "\fBsendmail \-bi\fR".
+.PP
+This is a separate configuration parameter because not all the
+tables specified with $alias_maps have to be local files.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+alias_database = hash:/etc/aliases
+alias_database = hash:/etc/mail/aliases
+.fi
+.ad
+.ft R
+.SH alias_maps (default: see "postconf \-d" output)
+The alias databases that are used for \fBlocal\fR(8) delivery. See
+\fBaliases\fR(5) for syntax details.
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+Note: these lookups are recursive.
+.PP
+The default list is system dependent. On systems with NIS, the
+default is to search the local alias database, then the NIS alias
+database.
+.PP
+If you change the alias database, run "\fBpostalias /etc/aliases\fR"
+(or wherever your system stores the mail alias file), or simply
+run "\fBnewaliases\fR" to build the necessary DBM or DB file.
+.PP
+The \fBlocal\fR(8) delivery agent disallows regular expression substitution
+of $1 etc. in alias_maps, because that would open a security hole.
+.PP
+The \fBlocal\fR(8) delivery agent will silently ignore requests to use
+the \fBproxymap\fR(8) server within alias_maps. Instead it will open the
+table directly. Before Postfix version 2.2, the \fBlocal\fR(8) delivery
+agent will terminate with a fatal error.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+alias_maps = hash:/etc/aliases, nis:mail.aliases
+alias_maps = hash:/etc/aliases
+.fi
+.ad
+.ft R
+.SH allow_mail_to_commands (default: alias, forward)
+Restrict \fBlocal\fR(8) mail delivery to external commands. The default
+is to disallow delivery to "|command" in :include: files (see
+\fBaliases\fR(5) for the text that defines this terminology).
+.PP
+Specify zero or more of: \fBalias\fR, \fBforward\fR or \fBinclude\fR,
+in order to allow commands in \fBaliases\fR(5), .forward files or in
+:include: files, respectively.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+allow_mail_to_commands = alias,forward,include
+.fi
+.ad
+.ft R
+.SH allow_mail_to_files (default: alias, forward)
+Restrict \fBlocal\fR(8) mail delivery to external files. The default is
+to disallow "/file/name" destinations in :include: files (see
+\fBaliases\fR(5) for the text that defines this terminology).
+.PP
+Specify zero or more of: \fBalias\fR, \fBforward\fR or \fBinclude\fR,
+in order to allow "/file/name" destinations in \fBaliases\fR(5), .forward
+files and in :include: files, respectively.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+allow_mail_to_files = alias,forward,include
+.fi
+.ad
+.ft R
+.SH allow_min_user (default: no)
+Allow a sender or recipient address to have `\-' as the first
+character. By
+default, this is not allowed, to avoid accidents with software that
+passes email addresses via the command line. Such software
+would not be able to distinguish a malicious address from a
+bona fide command\-line option. Although this can be prevented by
+inserting a "\-\-" option terminator into the command line, this is
+difficult to enforce consistently and globally.
+.PP
+As of Postfix version 2.5, this feature is implemented by
+trivial\-\fBrewrite\fR(8). With earlier versions this feature was implemented
+by \fBqmgr\fR(8) and was limited to recipient addresses only.
+.SH allow_percent_hack (default: yes)
+Enable the rewriting of the form "user%domain" to "user@domain".
+This is enabled by default.
+.PP
+Note: as of Postfix version 2.2, message header address rewriting
+happens only when one of the following conditions is true:
+.IP \(bu
+The message is received with the Postfix \fBsendmail\fR(1) command,
+.IP \(bu
+The message is received from a network client that matches
+$local_header_rewrite_clients,
+.IP \(bu
+The message is received from the network, and the
+remote_header_rewrite_domain parameter specifies a non\-empty value.
+.br
+.PP
+To get the behavior before Postfix version 2.2, specify
+"local_header_rewrite_clients = static:all".
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+allow_percent_hack = no
+.fi
+.ad
+.ft R
+.SH allow_srv_lookup_fallback (default: no)
+When SRV record lookup fails or no SRV record exists, fall back
+to MX or IP address lookup as if SRV record lookup was not enabled.
+.PP
+This feature is available in Postfix 3.8 and later.
+.SH allow_untrusted_routing (default: no)
+Forward mail with sender\-specified routing (user[@%!]remote[@%!]site)
+from untrusted clients to destinations matching $relay_domains.
+.PP
+By default, this feature is turned off. This closes a nasty open
+relay loophole where a backup MX host can be tricked into forwarding
+junk mail to a primary MX host which then spams it out to the world.
+.PP
+This parameter also controls if non\-local addresses with sender\-specified
+routing can match Postfix access tables. By default, such addresses
+cannot match Postfix access tables, because the address is ambiguous.
+.SH alternate_config_directories (default: empty)
+A list of non\-default Postfix configuration directories that may
+be specified with "\-c config_directory" on the command line (in the
+case of \fBsendmail\fR(1), with the "\-C" option), or via the MAIL_CONFIG
+environment parameter.
+.PP
+This list must be specified in the default Postfix main.cf file,
+and will be used by set\-gid Postfix commands such as \fBpostqueue\fR(1)
+and \fBpostdrop\fR(1).
+.PP
+Specify absolute pathnames, separated by comma or space. Note: $name
+expansion is not supported.
+.SH always_add_missing_headers (default: no)
+Always add (Resent\-) From:, To:, Date: or Message\-ID: headers
+when not present. Postfix 2.6 and later add these headers only
+when clients match the local_header_rewrite_clients parameter
+setting. Earlier Postfix versions always add these headers; this
+may break DKIM signatures that cover non\-existent headers.
+The undisclosed_recipients_header parameter setting determines
+whether a To: header will be added.
+.SH always_bcc (default: empty)
+Optional address that receives a "blind carbon copy" of each message
+that is received by the Postfix mail system.
+.PP
+Note: with Postfix 2.3 and later the BCC address is added as if it
+was specified with NOTIFY=NONE. The sender will not be notified
+when the BCC address is undeliverable, as long as all down\-stream
+software implements RFC 3461.
+.PP
+Note: with Postfix 2.2 and earlier the sender will be notified
+when the BCC address is undeliverable.
+.PP
+Note: automatic BCC recipients are produced only for new mail.
+To avoid mailer loops, automatic BCC recipients are not generated
+after Postfix forwards mail internally, or after Postfix generates
+mail itself.
+.SH anvil_rate_time_unit (default: 60s)
+The time unit over which client connection rates and other rates
+are calculated.
+.PP
+This feature is implemented by the \fBanvil\fR(8) service which is available
+in Postfix version 2.2 and later.
+.PP
+The default interval is relatively short. Because of the high
+frequency of updates, the \fBanvil\fR(8) server uses volatile memory
+only. Thus, information is lost whenever the process terminates.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH anvil_status_update_time (default: 600s)
+How frequently the \fBanvil\fR(8) connection and rate limiting server
+logs peak usage information.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH append_at_myorigin (default: yes)
+With locally submitted mail, append the string "@$myorigin" to mail
+addresses without domain information. With remotely submitted mail,
+append the string "@$remote_header_rewrite_domain" instead.
+.PP
+Note 1: this feature is enabled by default and must not be turned off.
+Postfix does not support domain\-less addresses.
+.PP
+Note 2: with Postfix version 2.2, message header address rewriting
+happens only when one of the following conditions is true:
+.IP \(bu
+The message is received with the Postfix \fBsendmail\fR(1) command,
+.IP \(bu
+The message is received from a network client that matches
+$local_header_rewrite_clients,
+.IP \(bu
+The message is received from the network, and the
+remote_header_rewrite_domain parameter specifies a non\-empty value.
+.br
+.PP
+To get the behavior before Postfix version 2.2, specify
+"local_header_rewrite_clients = static:all".
+.SH append_dot_mydomain (default: Postfix >= 3.0: no, Postfix < 3.0: yes)
+With locally submitted mail, append the string ".$mydomain" to
+addresses that have no ".domain" information. With remotely submitted
+mail, append the string ".$remote_header_rewrite_domain"
+instead.
+.PP
+Note 1: When disabled (Postfix 3.0 and later), users will not be
+able to send mail to "user@partialdomainname" but will have to
+specify full domain names instead.
+.PP
+Note 2: with Postfix version 2.2, message header address rewriting
+happens only when one of the following conditions is true:
+.IP \(bu
+The message is received with the Postfix \fBsendmail\fR(1) command,
+.IP \(bu
+The message is received from a network client that matches
+$local_header_rewrite_clients,
+.IP \(bu
+The message is received from the network, and the
+remote_header_rewrite_domain parameter specifies a non\-empty value.
+.br
+.PP
+To get the behavior before Postfix version 2.2, specify
+"local_header_rewrite_clients = static:all".
+.SH application_event_drain_time (default: 100s)
+How long the \fBpostkick\fR(1) command waits for a request to enter the
+Postfix daemon process input buffer before giving up.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH authorized_flush_users (default: static:anyone)
+List of users who are authorized to flush the queue.
+.PP
+By default, all users are allowed to flush the queue. Access is
+always granted if the invoking user is the super\-user or the
+$mail_owner user. Otherwise, the real UID of the process is looked
+up in the system password file, and access is granted only if the
+corresponding login name is on the access list. The username
+"unknown" is used for processes whose real UID is not found in the
+password file.
+.PP
+Specify a list of user names, "/file/name" or "type:table" patterns,
+separated by commas and/or whitespace. The list is matched left to
+right, and the search stops on the first match. A "/file/name"
+pattern is replaced
+by its contents; a "type:table" lookup table is matched when a name
+matches a lookup key (the lookup result is ignored). Continue long
+lines by starting the next line with whitespace. Specify "!pattern"
+to exclude a name from the list. The form "!/file/name" is supported
+only in Postfix version 2.4 and later.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH authorized_mailq_users (default: static:anyone)
+List of users who are authorized to view the queue.
+.PP
+By default, all users are allowed to view the queue. Access is
+always granted if the invoking user is the super\-user or the
+$mail_owner user. Otherwise, the real UID of the process is looked
+up in the system password file, and access is granted only if the
+corresponding login name is on the access list. The username
+"unknown" is used for processes whose real UID is not found in the
+password file.
+.PP
+Specify a list of user names, "/file/name" or "type:table" patterns,
+separated by commas and/or whitespace. The list is matched left to
+right, and the search stops on the first match. A "/file/name"
+pattern is replaced
+by its contents; a "type:table" lookup table is matched when a name
+matches a lookup key (the lookup result is ignored). Continue long
+lines by starting the next line with whitespace. Specify "!pattern"
+to exclude a user name from the list. The form "!/file/name" is
+supported only in Postfix version 2.4 and later.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH authorized_submit_users (default: static:anyone)
+List of users who are authorized to submit mail with the \fBsendmail\fR(1)
+command (and with the privileged \fBpostdrop\fR(1) helper command).
+.PP
+By default, all users are allowed to submit mail. Otherwise, the
+real UID of the process is looked up in the system password file,
+and access is granted only if the corresponding login name is on
+the access list. The username "unknown" is used for processes
+whose real UID is not found in the password file. To deny mail
+submission access to all users specify an empty list.
+.PP
+Specify a list of user names, "/file/name" or "type:table" patterns,
+separated by commas and/or whitespace. The list is matched left to right,
+and the search stops on the first match. A "/file/name" pattern is
+replaced by its contents;
+a "type:table" lookup table is matched when a name matches a lookup key
+(the lookup result is ignored). Continue long lines by starting the
+next line with whitespace. Specify "!pattern" to exclude a user
+name from the list. The form "!/file/name" is supported only in
+Postfix version 2.4 and later.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+authorized_submit_users = !www, static:all
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH authorized_verp_clients (default: $mynetworks)
+What remote SMTP clients are allowed to specify the XVERP command.
+This command requests that mail be delivered one recipient at a
+time with a per recipient return address.
+.PP
+By default, only trusted clients are allowed to specify XVERP.
+.PP
+This parameter was introduced with Postfix version 1.1. Postfix
+version 2.1 renamed this parameter to smtpd_authorized_verp_clients
+and changed the default to none.
+.PP
+Specify a list of network/netmask patterns, separated by commas
+and/or whitespace. The mask specifies the number of bits in the
+network part of a host address. You can also specify hostnames or
+\&.domain names (the initial dot causes the domain to match any name
+below it), "/file/name" or "type:table" patterns. A "/file/name"
+pattern is replaced by its contents; a "type:table" lookup table
+is matched when a table entry matches a lookup string (the lookup
+result is ignored). Continue long lines by starting the next line
+with whitespace. Specify "!pattern" to exclude an address or network
+block from the list. The form "!/file/name" is supported only in
+Postfix version 2.4 and later.
+.PP
+Note: IP version 6 address information must be specified inside
+[] in the authorized_verp_clients value, and in files
+specified with "/file/name". IP version 6 addresses contain the
+":" character, and would otherwise be confused with a "type:table"
+pattern.
+.SH backwards_bounce_logfile_compatibility (default: yes)
+Produce additional \fBbounce\fR(8) logfile records that can be read by
+Postfix versions before 2.0. The current and more extensible "name =
+value" format is needed in order to implement more sophisticated
+functionality.
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH berkeley_db_create_buffer_size (default: 16777216)
+The per\-table I/O buffer size for programs that create Berkeley DB
+hash or btree tables. Specify a byte count.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH berkeley_db_read_buffer_size (default: 131072)
+The per\-table I/O buffer size for programs that read Berkeley DB
+hash or btree tables. Specify a byte count.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH best_mx_transport (default: empty)
+Where the Postfix SMTP client should deliver mail when it detects
+a "mail loops back to myself" error condition. This happens when
+the local MTA is the best SMTP mail exchanger for a destination
+not listed in $mydestination, $inet_interfaces, $proxy_interfaces,
+$virtual_alias_domains, or $virtual_mailbox_domains. By default,
+the Postfix SMTP client returns such mail as undeliverable.
+.PP
+Specify, for example, "best_mx_transport = local" to pass the mail
+from the Postfix SMTP client to the \fBlocal\fR(8) delivery agent. You
+can specify
+any message delivery "transport" or "transport:nexthop" that is
+defined in the master.cf file. See the \fBtransport\fR(5) manual page
+for the syntax and meaning of "transport" or "transport:nexthop".
+.PP
+However, this feature is expensive because it ties up a Postfix
+SMTP client process while the \fBlocal\fR(8) delivery agent is doing its
+work. It is more efficient (for Postfix) to list all hosted domains
+in a table or database.
+.SH biff (default: yes)
+Whether or not to use the local biff service. This service sends
+"new mail" notifications to users who have requested new mail
+notification with the UNIX command "biff y".
+.PP
+For compatibility reasons this feature is on by default. On systems
+with lots of interactive users, the biff service can be a performance
+drain. Specify "biff = no" in main.cf to disable.
+.SH body_checks (default: empty)
+Optional lookup tables for content inspection as specified in
+the \fBbody_checks\fR(5) manual page.
+.PP
+Note: with Postfix versions before 2.0, these rules inspect
+all content after the primary message headers.
+.SH body_checks_size_limit (default: 51200)
+How much text in a message body segment (or attachment, if you
+prefer to use that term) is subjected to body_checks inspection.
+The amount of text is limited to avoid scanning huge attachments.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH bounce_notice_recipient (default: postmaster)
+The recipient of postmaster notifications with the message headers
+of mail that Postfix did not deliver and of SMTP conversation
+transcripts of mail that Postfix did not receive. This feature is
+enabled with the notify_classes parameter.
+.SH bounce_queue_lifetime (default: 5d)
+Consider a bounce message as undeliverable, when delivery fails
+with a temporary error, and the time in the queue has reached the
+bounce_queue_lifetime limit. By default, this limit is the same
+as for regular mail.
+.PP
+Specify a non\-negative time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is d (days).
+.PP
+Specify 0 when mail delivery should be tried only once.
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH bounce_service_name (default: bounce)
+The name of the \fBbounce\fR(8) service. This service maintains a record
+of failed delivery attempts and generates non\-delivery notifications.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH bounce_size_limit (default: 50000)
+The maximal amount of original message text that is sent in a
+non\-delivery notification. Specify a byte count. A message is
+returned as either message/rfc822 (the complete original) or as
+text/rfc822\-headers (the headers only). With Postfix version 2.4
+and earlier, a message is always returned as message/rfc822 and is
+truncated when it exceeds the size limit.
+.PP
+Notes:
+.IP \(bu
+If you increase this limit, then you should increase the
+mime_nesting_limit value proportionally.
+.IP \(bu
+Be careful when making changes. Excessively large values
+will result in the loss of non\-delivery notifications, when a bounce
+message size exceeds a local or remote MTA's message size limit.
+.br
+.SH bounce_template_file (default: empty)
+Pathname of a configuration file with bounce message templates.
+These override the built\-in templates of delivery status notification
+(DSN) messages for undeliverable mail, delayed mail, successful
+delivery, or delivery verification. The \fBbounce\fR(5) manual page
+describes how to edit and test template files.
+.PP
+Template message body text may contain $name references to
+Postfix configuration parameters. The result of $name expansion can
+be previewed with "\fBpostconf \-b \fIfile_name\fR\fR" before the file
+is placed into the Postfix configuration directory.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH broken_sasl_auth_clients (default: no)
+Enable interoperability with remote SMTP clients that implement an obsolete
+version of the AUTH command (RFC 4954). Examples of such clients
+are MicroSoft Outlook Express version 4 and MicroSoft Exchange
+version 5.0.
+.PP
+Specify "broken_sasl_auth_clients = yes" to have Postfix advertise
+AUTH support in a non\-standard way.
+.SH canonical_classes (default: envelope_sender, envelope_recipient, header_sender, header_recipient)
+What addresses are subject to canonical_maps address mapping.
+By default, canonical_maps address mapping is applied to envelope
+sender and recipient addresses, and to header sender and header
+recipient addresses.
+.PP
+Specify one or more of: envelope_sender, envelope_recipient,
+header_sender, header_recipient
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH canonical_maps (default: empty)
+Optional address mapping lookup tables for message headers and
+envelopes. The mapping is applied to both sender and recipient
+addresses, in both envelopes and in headers, as controlled
+with the canonical_classes parameter. This is typically used
+to clean up dirty addresses from legacy mail systems, or to replace
+login names by Firstname.Lastname. The table format and lookups
+are documented in \fBcanonical\fR(5). For an overview of Postfix address
+manipulations see the ADDRESS_REWRITING_README document.
+.PP
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+Note: these lookups are recursive.
+.PP
+If you use this feature, run "\fBpostmap /etc/postfix/canonical\fR" to
+build the necessary DBM or DB file after every change. The changes
+will become visible after a minute or so. Use "\fBpostfix reload\fR"
+to eliminate the delay.
+.PP
+Note: with Postfix version 2.2, message header address mapping
+happens only when message header address rewriting is enabled:
+.IP \(bu
+The message is received with the Postfix \fBsendmail\fR(1) command,
+.IP \(bu
+The message is received from a network client that matches
+$local_header_rewrite_clients,
+.IP \(bu
+The message is received from the network, and the
+remote_header_rewrite_domain parameter specifies a non\-empty value.
+.br
+.PP
+To get the behavior before Postfix version 2.2, specify
+"local_header_rewrite_clients = static:all".
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+canonical_maps = dbm:/etc/postfix/canonical
+canonical_maps = hash:/etc/postfix/canonical
+.fi
+.ad
+.ft R
+.SH cleanup_replace_stray_cr_lf (default: yes)
+Replace each stray <CR> or <LF> character in message
+content with a space character, to prevent outbound SMTP smuggling,
+and to make the evaluation of Postfix\-added DKIM or other signatures
+independent from how a remote mail server handles such characters.
+.PP
+SMTP does not allow such characters unless they are part of a
+<CR><LF> sequence, and different mail systems handle
+such stray characters in an implementation\-dependent manner. Stray
+<CR> or <LF> characters could be used for outbound
+SMTP smuggling, where an attacker uses a Postfix server to send
+message content with a non\-standard End\-of\-DATA sequence that
+triggers inbound SMTP smuggling at a remote SMTP server.
+.PP
+The replacement happens before all other content management,
+and before Postfix may add a DKIM etc. signature; if the signature
+were created first, the replacement could invalidate the signature.
+.PP
+In addition to preventing SMTP smuggling, replacing stray
+<CR> or <LF> characters ensures that the result of
+signature validation by later mail system will not depend on how
+that mail system handles those stray characters in an
+implementation\-dependent manner.
+.PP
+This feature is available in Postfix >= 3.9, 3.8.5, 3.7.10,
+3.6.14, and 3.5.24.
+.SH cleanup_service_name (default: cleanup)
+The name of the \fBcleanup\fR(8) service. This service rewrites addresses
+into the standard form, and performs \fBcanonical\fR(5) address mapping
+and \fBvirtual\fR(5) aliasing.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH command_directory (default: see "postconf \-d" output)
+The location of all postfix administrative commands.
+.SH command_execution_directory (default: empty)
+The \fBlocal\fR(8) delivery agent working directory for delivery to
+external commands. Failure to change directory causes the delivery
+to be deferred.
+.PP
+The command_execution_directory value is not subject to Postfix
+configuration parameter $name expansion. Instead, the following
+$name expansions are done on command_execution_directory before the
+directory is used. Expansion happens in the context
+of the delivery request. The result of $name expansion is filtered
+with the character set that is specified with the
+execution_directory_expansion_filter parameter.
+.IP "\fB$user\fR"
+The recipient's username.
+.br
+.IP "\fB$shell\fR"
+The recipient's login shell pathname.
+.br
+.IP "\fB$home\fR"
+The recipient's home directory.
+.br
+.IP "\fB$recipient\fR"
+The full recipient address.
+.br
+.IP "\fB$extension\fR"
+The optional recipient address extension.
+.br
+.IP "\fB$domain\fR"
+The recipient domain.
+.br
+.IP "\fB$local\fR"
+The entire recipient localpart.
+.br
+.IP "\fB$recipient_delimiter\fR"
+The address extension delimiter that was found in the recipient
+address (Postfix 2.11 and later), or the system\-wide recipient
+address extension delimiter (Postfix 2.10 and earlier).
+.br
+.IP "\fB${name?value}\fR"
+.IP "\fB${name?{value}}\fR (Postfix >= 3.0)"
+Expands to \fIvalue\fR when \fI$name\fR is non\-empty.
+.br
+.IP "\fB${name:value}\fR"
+.IP "\fB${name:{value}}\fR (Postfix >= 3.0)"
+Expands to \fIvalue\fR when \fI$name\fR is empty.
+.br
+.IP "\fB${name?{value1}:{value2}}\fR (Postfix >= 3.0)"
+Expands to \fIvalue1\fR when \fI$name\fR is non\-empty,
+\fIvalue2\fR otherwise.
+.br
+.br
+.PP
+Instead of $name you can also specify ${name} or $(name).
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH command_expansion_filter (default: see "postconf \-d" output)
+Restrict the characters that the \fBlocal\fR(8) delivery agent allows in
+$name expansions of $mailbox_command and $command_execution_directory.
+Characters outside the
+allowed set are replaced by underscores.
+.SH command_time_limit (default: 1000s)
+Time limit for delivery to external commands. This limit is used
+by the \fBlocal\fR(8) delivery agent, and is the default time limit for
+delivery by the \fBpipe\fR(8) delivery agent.
+.PP
+Note: if you set this time limit to a large value you must update the
+global ipc_timeout parameter as well.
+.SH compatibility_level (default: 0)
+A safety net that causes Postfix to run with backwards\-compatible
+default settings after an upgrade to a newer Postfix version.
+.PP
+With backwards compatibility turned on (the main.cf compatibility_level
+value is less than the Postfix built\-in value), Postfix looks for
+settings that are left at their implicit default value, and logs a
+message when a backwards\-compatible default setting is required.
+.sp
+.in +4
+.nf
+.na
+.ft C
+using backwards\-compatible default setting \fIname=value\fR
+ to [accept a specific client request]
+.sp
+using backwards\-compatible default setting \fIname=value\fR
+ to [enable specific Postfix behavior]
+.fi
+.ad
+.ft R
+.in -4
+.PP
+See COMPATIBILITY_README for specific message details. If such
+a message is logged in the context of a legitimate request, the
+system administrator should make the backwards\-compatible setting
+permanent in main.cf or master.cf, for example:
+.sp
+.in +4
+.nf
+.na
+.ft C
+# \fBpostconf\fR \fIname=value\fR
+# \fBpostfix reload\fR
+.fi
+.ad
+.ft R
+.in -4
+.PP
+When no more backwards\-compatible settings need to be made
+permanent, the administrator should turn off backwards compatibility
+by updating the compatibility_level setting in main.cf:
+.sp
+.in +4
+.nf
+.na
+.ft C
+# \fBpostconf compatibility_level=\fIN\fR\fR
+# \fBpostfix reload\fR
+.fi
+.ad
+.ft R
+.in -4
+.PP
+For \fIN\fR specify the number that is logged in your \fBpostfix\fR(1)
+warning message:
+.sp
+.in +4
+.nf
+.na
+.ft C
+warning: To disable backwards compatibility use "postconf
+ compatibility_level=\fIN\fR" and "postfix reload"
+.fi
+.ad
+.ft R
+.in -4
+.PP
+Starting with Postfix version 3.6, the compatibility level in
+the above warning message is the Postfix version that introduced
+the last incompatible change. The level is formatted as
+\fImajor.minor.patch\fR, where \fIpatch\fR is usually omitted and
+defaults to zero. Earlier compatibility levels are 0, 1 and 2.
+.PP
+NOTE: this also introduces support for the "<level",
+"<=level", and other operators to compare compatibility levels.
+With the standard operators "<", "<=", etc., compatibility
+level "3.10" would be smaller than "3.9" which is undesirable.
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH config_directory (default: see "postconf \-d" output)
+The default location of the Postfix main.cf and master.cf
+configuration files. This can be overruled via the following
+mechanisms:
+.IP \(bu
+The MAIL_CONFIG environment variable (daemon processes
+and commands).
+.IP \(bu
+The "\-c" command\-line option (commands only).
+.br
+.PP
+With Postfix commands that run with set\-gid privileges, a
+config_directory override either requires root privileges, or it
+requires that the directory is listed with the alternate_config_directories
+parameter in the default main.cf file.
+.SH confirm_delay_cleared (default: no)
+After sending a "your message is delayed" notification, inform
+the sender when the delay clears up. This can result in a sudden
+burst of notifications at the end of a prolonged network outage,
+and is therefore disabled by default.
+.PP
+See also: delay_warning_time.
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH connection_cache_protocol_timeout (default: 5s)
+Time limit for connection cache connect, send or receive
+operations. The time limit is enforced in the client.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH connection_cache_service_name (default: scache)
+The name of the \fBscache\fR(8) connection cache service. This service
+maintains a limited pool of cached sessions.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH connection_cache_status_update_time (default: 600s)
+How frequently the \fBscache\fR(8) server logs usage statistics with
+connection cache hit and miss rates for logical destinations and for
+physical endpoints.
+.SH connection_cache_ttl_limit (default: 2s)
+The maximal time\-to\-live value that the \fBscache\fR(8) connection
+cache server
+allows. Requests that specify a larger TTL will be stored with the
+maximum allowed TTL. The purpose of this additional control is to
+protect the infrastructure against careless people. The cache TTL
+is already bounded by $max_idle.
+.SH content_filter (default: empty)
+After the message is queued, send the entire message to the
+specified \fItransport:destination\fR. The \fItransport\fR name
+specifies the first field of a mail delivery agent definition in
+master.cf; the syntax of the next\-hop \fIdestination\fR is described
+in the manual page of the corresponding delivery agent. More
+information about external content filters is in the Postfix
+FILTER_README file.
+.PP
+Notes:
+.IP \(bu
+This setting has lower precedence than a FILTER action
+that is specified in an \fBaccess\fR(5), \fBheader_checks\fR(5) or \fBbody_checks\fR(5)
+table.
+.IP \(bu
+The meaning of an empty next\-hop filter \fIdestination\fR
+is version dependent. Postfix 2.7 and later will use the recipient
+domain; earlier versions will use $myhostname. Specify
+"default_filter_nexthop = $myhostname" for compatibility with Postfix
+2.6 or earlier, or specify a content_filter value with an explicit
+next\-hop \fIdestination\fR.
+.br
+.SH cyrus_sasl_config_path (default: empty)
+Search path for Cyrus SASL application configuration files,
+currently used only to locate the $smtpd_sasl_path.conf file.
+Specify zero or more directories separated by a colon character,
+or an empty value to use Cyrus SASL's built\-in search path.
+.PP
+This feature is available in Postfix 2.5 and later when compiled
+with Cyrus SASL 2.1.22 or later.
+.SH daemon_directory (default: see "postconf \-d" output)
+The directory with Postfix support programs and daemon programs.
+These should not be invoked directly by humans. The directory must
+be owned by root.
+.SH daemon_table_open_error_is_fatal (default: no)
+How a Postfix daemon process handles errors while opening lookup
+tables: gradual degradation or immediate termination.
+.IP "\fB no \fR (default)"
+Gradual degradation: a
+daemon process logs a message of type "error" and continues execution
+with reduced functionality. Features that do not depend on the
+unavailable table will work normally, while features that depend
+on the table will result in a type "warning" message.
+.br
+When
+the notify_classes parameter value contains the "data" class, the
+Postfix SMTP server and client will report transcripts of sessions
+with an error because a table is unavailable.
+.br
+.IP "\fB yes \fR (historical behavior)"
+Immediate
+termination: a daemon process logs a type "fatal" message and
+terminates immediately. This option reduces the number of possible
+code paths through Postfix, and may therefore be slightly more
+secure than the default.
+.br
+.br
+.PP
+For the sake of sanity, the number of type "error" messages is
+limited to 13 over the lifetime of a daemon process.
+.PP
+This feature is available in Postfix 2.9 and later.
+.SH daemon_timeout (default: 18000s)
+How much time a Postfix daemon process may take to handle a
+request before it is terminated by a built\-in watchdog timer.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH data_directory (default: see "postconf \-d" output)
+The directory with Postfix\-writable data files (for example:
+caches, pseudo\-random numbers). This directory must be owned by
+the mail_owner account, and must not be shared with non\-Postfix
+software.
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH debug_peer_level (default: 2)
+The increment in verbose logging level when a nexthop destination,
+remote client or server name or network address matches a pattern
+given with the debug_peer_list parameter.
+.PP
+Per\-nexthop debug logging is available in Postfix 3.6 and later.
+.SH debug_peer_list (default: empty)
+Optional list of nexthop destination, remote client or server
+name or network address patterns that, if matched, cause the verbose
+logging level to increase by the amount specified in $debug_peer_level.
+.PP
+Per\-nexthop debug logging is available in Postfix 3.6 and later.
+.PP
+Specify domain names, network/netmask patterns, "/file/name"
+patterns or "type:table" lookup tables. The right\-hand side result
+from "type:table" lookups is ignored.
+.PP
+Pattern matching of domain names is controlled by the presence
+or absence of "debug_peer_list" in the parent_domain_matches_subdomains
+parameter value.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+debug_peer_list = 127.0.0.1
+debug_peer_list = example.com
+.fi
+.ad
+.ft R
+.SH debugger_command (default: empty)
+The external command to execute when a Postfix daemon program is
+invoked with the \-D option.
+.PP
+Use "command .. & sleep 5" so that the debugger can attach before
+the process marches on. If you use an X\-based debugger, be sure to
+set up your XAUTHORITY environment variable before starting Postfix.
+.PP
+Note: the command is subject to $name expansion, before it is
+passed to the default command interpreter. Specify "$$" to
+produce a single "$" character.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+debugger_command =
+ PATH=/usr/bin:/usr/X11R6/bin
+ ddd $daemon_directory/$process_name $process_id & sleep 5
+.fi
+.ad
+.ft R
+.SH default_database_type (default: see "postconf \-d" output)
+The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1)
+and \fBpostmap\fR(1) commands. On many UNIX systems the default type is
+either \fBdbm\fR or \fBhash\fR. The default setting is frozen
+when the Postfix system is built.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+default_database_type = hash
+default_database_type = dbm
+.fi
+.ad
+.ft R
+.SH default_delivery_slot_cost (default: 5)
+How often the Postfix queue manager's scheduler is allowed to
+preempt delivery of one message with another.
+.PP
+Each transport maintains a so\-called "available delivery slot counter"
+for each message. One message can be preempted by another one when
+the other message can be delivered using no more delivery slots
+(i.e., invocations of delivery agents) than the current message
+counter has accumulated (or will eventually accumulate \- see about
+slot loans below). This parameter controls how often the counter is
+incremented \- it happens after each default_delivery_slot_cost
+recipients have been delivered.
+.PP
+The cost of 0 is used to disable the preempting scheduling completely.
+The minimum value the scheduling algorithm can use is 2 \- use it
+if you want to maximize the message throughput rate. Although there
+is no maximum, it doesn't make much sense to use values above say
+50.
+.PP
+The only reason why the value of 2 is not the default is the way
+this parameter affects the delivery of mailing\-list mail. In the
+worst case, delivery can take somewhere between (cost+1/cost)
+and (cost/cost\-1) times more than if the preemptive scheduler was
+disabled. The default value of 5 turns out to provide reasonable
+message response times while making sure the mailing\-list deliveries
+are not extended by more than 20\-25 percent even in the worst case.
+.PP
+Use \fItransport\fR_delivery_slot_cost to specify a
+transport\-specific override, where \fItransport\fR is the master.cf
+name of the message delivery transport.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+default_delivery_slot_cost = 0
+default_delivery_slot_cost = 2
+.fi
+.ad
+.ft R
+.SH default_delivery_slot_discount (default: 50)
+The default value for transport\-specific _delivery_slot_discount
+settings.
+.PP
+This parameter speeds up the moment when a message preemption can
+happen. Instead of waiting until the full amount of delivery slots
+required is available, the preemption can happen when
+\fItransport\fR_delivery_slot_discount percent of the required amount
+plus \fItransport\fR_delivery_slot_loan still remains to be accumulated.
+Note that the full amount will still have to be accumulated before
+another preemption can take place later.
+.PP
+Use \fItransport\fR_delivery_slot_discount to specify a
+transport\-specific override, where \fItransport\fR is the master.cf
+name of the message delivery transport.
+.SH default_delivery_slot_loan (default: 3)
+The default value for transport\-specific _delivery_slot_loan
+settings.
+.PP
+This parameter speeds up the moment when a message preemption can
+happen. Instead of waiting until the full amount of delivery slots
+required is available, the preemption can happen when
+transport_delivery_slot_discount percent of the required amount
+plus transport_delivery_slot_loan still remains to be accumulated.
+Note that the full amount will still have to be accumulated before
+another preemption can take place later.
+.PP
+Use \fItransport\fR_delivery_slot_loan to specify a
+transport\-specific override, where \fItransport\fR is the master.cf
+name of the message delivery transport.
+.SH default_delivery_status_filter (default: empty)
+Optional filter to replace the delivery status code or explanatory
+text of successful or unsuccessful deliveries. This does not allow
+the replacement of a successful status code (2.X.X) with an
+unsuccessful status code (4.X.X or 5.X.X) or vice versa.
+.PP
+Note: the (smtp|lmtp)_delivery_status_filter is applied only
+once per recipient: when delivery is successful, when delivery is
+rejected with 5XX, or when there are no more alternate MX or A
+destinations. Use smtp_reply_filter or lmtp_reply_filter to inspect
+responses for all delivery attempts.
+.PP
+The following parameters can be used to implement a filter for
+specific delivery agents: lmtp_delivery_status_filter,
+local_delivery_status_filter, pipe_delivery_status_filter,
+smtp_delivery_status_filter or virtual_delivery_status_filter. These
+parameters support the same filter syntax as described here.
+.PP
+Specify zero or more "type:table" lookup table names, separated
+by comma or whitespace. For each successful or unsuccessful delivery
+to a recipient, the tables are queried in the specified order with
+one line of text that is structured as follows:
+.sp
+.in +4
+enhanced\-status\-code SPACE explanatory\-text
+.in -4
+.PP
+The first table match wins. The lookup result must have the
+same structure as the query, a successful status code (2.X.X) must
+be replaced with a successful status code, an unsuccessful status
+code (4.X.X or 5.X.X) must be replaced with an unsuccessful status
+code, and the explanatory text field must be non\-empty. Other results
+will result in a warning.
+.PP
+Example 1: convert specific soft TLS errors into hard errors,
+by overriding the first number in the enhanced status code.
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ smtp_delivery_status_filter = pcre:/etc/postfix/smtp_dsn_filter
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/smtp_dsn_filter:
+ /^4(\e.\ed+\e.\ed+ TLS is required, but host \eS+ refused to start TLS: .+)/
+ 5$1
+ /^4(\e.\ed+\e.\ed+ TLS is required, but was not offered by host .+)/
+ 5$1
+ # Do not change the following into hard bounces. They may
+ # result from a local configuration problem.
+ # 4.\ed+.\ed+ TLS is required, but our TLS engine is unavailable
+ # 4.\ed+.\ed+ TLS is required, but unavailable
+ # 4.\ed+.\ed+ Cannot start TLS: handshake failure
+.fi
+.ad
+.ft R
+.in -4
+.PP
+Example 2: censor the per\-recipient delivery status text so
+that it does not reveal the destination command or filename
+when a remote sender requests confirmation of successful delivery.
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ local_delivery_status_filter = pcre:/etc/postfix/local_dsn_filter
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/local_dsn_filter:
+ /^(2\eS+ delivered to file).+/ $1
+ /^(2\eS+ delivered to command).+/ $1
+.fi
+.ad
+.ft R
+.in -4
+.PP
+Notes:
+.IP \(bu
+This feature will NOT override the soft_bounce safety net.
+.IP \(bu
+This feature will change the enhanced status code and text
+that is logged to the maillog file, and that is reported to the
+sender in delivery confirmation or non\-delivery notifications.
+.br
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH default_destination_concurrency_failed_cohort_limit (default: 1)
+How many pseudo\-cohorts must suffer connection or handshake
+failure before a specific destination is considered unavailable
+(and further delivery is suspended). Specify zero to disable this
+feature. A destination's pseudo\-cohort failure count is reset each
+time a delivery completes without connection or handshake failure
+for that specific destination.
+.PP
+A pseudo\-cohort is the number of deliveries equal to a destination's
+delivery concurrency.
+.PP
+Use \fItransport\fR_destination_concurrency_failed_cohort_limit to specify
+a transport\-specific override, where \fItransport\fR is the master.cf
+name of the message delivery transport.
+.PP
+This feature is available in Postfix 2.5. The default setting
+is compatible with earlier Postfix versions.
+.SH default_destination_concurrency_limit (default: 20)
+The default maximal number of parallel deliveries to the same
+destination. This is the default limit for delivery via the \fBlmtp\fR(8),
+\fBpipe\fR(8), \fBsmtp\fR(8) and \fBvirtual\fR(8) delivery agents.
+With a per\-destination recipient limit > 1, a destination is a domain,
+otherwise it is a recipient.
+.PP
+Use \fItransport\fR_destination_concurrency_limit to specify a
+transport\-specific override, where \fItransport\fR is the master.cf
+name of the message delivery transport.
+.SH default_destination_concurrency_negative_feedback (default: 1)
+The per\-destination amount of delivery concurrency negative
+feedback, after a delivery completes with a connection or handshake
+failure. Feedback values are in the range 0..1 inclusive. With
+negative feedback, concurrency is decremented at the beginning of
+a sequence of length 1/feedback. This is unlike positive feedback,
+where concurrency is incremented at the end of a sequence of length
+1/feedback.
+.PP
+As of Postfix version 2.5, negative feedback cannot reduce
+delivery concurrency to zero. Instead, a destination is marked
+dead (further delivery suspended) after the failed pseudo\-cohort
+count reaches $default_destination_concurrency_failed_cohort_limit
+(or $\fItransport\fR_destination_concurrency_failed_cohort_limit).
+To make the scheduler completely immune to connection or handshake
+failures, specify a zero feedback value and a zero failed pseudo\-cohort
+limit.
+.PP
+Specify one of the following forms:
+.IP "\fB\fInumber\fR \fR"
+.IP "\fB\fInumber\fR / \fInumber\fR \fR"
+Constant feedback. The value must be in the range 0..1 inclusive.
+The default setting of "1" is compatible with Postfix versions
+before 2.5, where a destination's delivery concurrency is throttled
+down to zero (and further delivery suspended) after a single failed
+pseudo\-cohort.
+.br
+.IP "\fB\fInumber\fR / concurrency \fR"
+Variable feedback of "\fInumber\fR / (delivery concurrency)".
+The \fInumber\fR must be in the range 0..1 inclusive. With
+\fInumber\fR equal to "1", a destination's delivery concurrency
+is decremented by 1 after each failed pseudo\-cohort.
+.br
+.br
+.PP
+A pseudo\-cohort is the number of deliveries equal to a destination's
+delivery concurrency.
+.PP
+Use \fItransport\fR_destination_concurrency_negative_feedback
+to specify a transport\-specific override, where \fItransport\fR
+is the master.cf
+name of the message delivery transport.
+.PP
+This feature is available in Postfix 2.5. The default setting
+is compatible with earlier Postfix versions.
+.SH default_destination_concurrency_positive_feedback (default: 1)
+The per\-destination amount of delivery concurrency positive
+feedback, after a delivery completes without connection or handshake
+failure. Feedback values are in the range 0..1 inclusive. The
+concurrency increases until it reaches the per\-destination maximal
+concurrency limit. With positive feedback, concurrency is incremented
+at the end of a sequence with length 1/feedback. This is unlike
+negative feedback, where concurrency is decremented at the start
+of a sequence of length 1/feedback.
+.PP
+Specify one of the following forms:
+.IP "\fB\fInumber\fR \fR"
+.IP "\fB\fInumber\fR / \fInumber\fR \fR"
+Constant feedback. The value must be in the range 0..1
+inclusive. The default setting of "1" is compatible with Postfix
+versions before 2.5, where a destination's delivery concurrency
+doubles after each successful pseudo\-cohort.
+.br
+.IP "\fB\fInumber\fR / concurrency \fR"
+Variable feedback of "\fInumber\fR / (delivery concurrency)".
+The \fInumber\fR must be in the range 0..1 inclusive. With
+\fInumber\fR equal to "1", a destination's delivery concurrency
+is incremented by 1 after each successful pseudo\-cohort.
+.br
+.br
+.PP
+A pseudo\-cohort is the number of deliveries equal to a destination's
+delivery concurrency.
+.PP
+Use \fItransport\fR_destination_concurrency_positive_feedback
+to specify a transport\-specific override, where \fItransport\fR
+is the master.cf name of the message delivery transport.
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH default_destination_rate_delay (default: 0s)
+The default amount of delay that is inserted between individual
+message deliveries to the same destination and over the same message
+delivery transport. Specify a non\-zero value to rate\-limit those
+message deliveries to at most one per $default_destination_rate_delay.
+.PP
+The resulting behavior depends on the value of the corresponding
+per\-destination recipient limit.
+.IP \(bu
+With a corresponding per\-destination recipient limit >
+1, the rate delay specifies the time between deliveries to the
+\fIsame domain\fR. Different domains are delivered in parallel,
+subject to the process limits specified in master.cf.
+.IP \(bu
+With a corresponding per\-destination recipient limit equal
+to 1, the rate delay specifies the time between deliveries to the
+\fIsame recipient\fR. Different recipients are delivered in
+parallel, subject to the process limits specified in master.cf.
+.br
+.PP
+To enable the delay, specify a non\-zero time value (an integral
+value plus an optional one\-letter suffix that specifies the time
+unit).
+.PP
+Time units: s (seconds), m (minutes), h (hours), d (days), w
+(weeks). The default time unit is s (seconds).
+.PP
+NOTE: the delay is enforced by the queue manager. The delay
+timer state does not survive "\fBpostfix reload\fR" or "\fBpostfix
+stop\fR".
+.PP
+Use \fItransport\fR_destination_rate_delay to specify a
+transport\-specific override, where \fItransport\fR is the master.cf
+name of the message delivery transport.
+.PP
+NOTE: with a non\-zero _destination_rate_delay, specify a
+\fItransport\fR_destination_concurrency_failed_cohort_limit of 10
+or more to prevent Postfix from deferring all mail for the same
+destination after only one connection or handshake error.
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH default_destination_recipient_limit (default: 50)
+The default maximal number of recipients per message delivery.
+This is the default limit for delivery via the \fBlmtp\fR(8), \fBpipe\fR(8),
+\fBsmtp\fR(8) and \fBvirtual\fR(8) delivery agents.
+.PP
+Setting this parameter to a value of 1 affects email deliveries
+as follows:
+.IP \(bu
+It changes the meaning of the corresponding per\-destination
+concurrency limit, from concurrency of deliveries to the \fIsame
+domain\fR into concurrency of deliveries to the \fIsame recipient\fR.
+Different recipients are delivered in parallel, subject to the
+process limits specified in master.cf.
+.IP \(bu
+It changes the meaning of the corresponding per\-destination
+rate delay, from the delay between deliveries to the \fIsame
+domain\fR into the delay between deliveries to the \fIsame
+recipient\fR. Again, different recipients are delivered in parallel,
+subject to the process limits specified in master.cf.
+.IP \(bu
+It changes the meaning of other corresponding per\-destination
+settings in a similar manner, from settings for delivery to the
+\fIsame domain\fR into settings for delivery to the \fIsame
+recipient\fR.
+.br
+.PP
+Use \fItransport\fR_destination_recipient_limit to specify a
+transport\-specific override, where \fItransport\fR is the master.cf
+name of the message delivery transport.
+.SH default_extra_recipient_limit (default: 1000)
+The default value for the extra per\-transport limit imposed on the
+number of in\-memory recipients. This extra recipient space is
+reserved for the cases when the Postfix queue manager's scheduler
+preempts one message with another and suddenly needs some extra
+recipient slots for the chosen message in order to avoid performance
+degradation.
+.PP
+Use \fItransport\fR_extra_recipient_limit to specify a
+transport\-specific override, where \fItransport\fR is the master.cf
+name of the message delivery transport.
+.SH default_filter_nexthop (default: empty)
+When a content_filter or FILTER request specifies no explicit
+next\-hop destination, use $default_filter_nexthop instead; when
+that value is empty, use the domain in the recipient address.
+Specify "default_filter_nexthop = $myhostname" for compatibility
+with Postfix version 2.6 and earlier, or specify an explicit next\-hop
+destination with each content_filter value or FILTER action.
+.PP
+This feature is available in Postfix 2.7 and later.
+.SH default_minimum_delivery_slots (default: 3)
+How many recipients a message must have in order to invoke the
+Postfix queue manager's scheduling algorithm at all. Messages
+which would never accumulate at least this many delivery slots
+(subject to slot cost parameter as well) are never preempted.
+.PP
+Use \fItransport\fR_minimum_delivery_slots to specify a
+transport\-specific override, where \fItransport\fR is the master.cf
+name of the message delivery transport.
+.SH default_privs (default: nobody)
+The default rights used by the \fBlocal\fR(8) delivery agent for delivery
+to an external file or command. These rights are used when delivery
+is requested from an \fBaliases\fR(5) file that is owned by \fBroot\fR, or
+when delivery is done on behalf of \fBroot\fR. \fBDO NOT SPECIFY A
+PRIVILEGED USER OR THE POSTFIX OWNER\fR.
+.SH default_process_limit (default: 100)
+The default maximal number of Postfix child processes that provide
+a given service. This limit can be overruled for specific services
+in the master.cf file.
+.SH default_rbl_reply (default: see "postconf \-d" output)
+The default Postfix SMTP server response template for a request that is
+rejected by an RBL\-based restriction. This template can be overruled
+by specific entries in the optional rbl_reply_maps lookup table.
+.PP
+This feature is available in Postfix 2.0 and later.
+.PP
+The template does not support Postfix configuration parameter $name
+substitution. Instead, it supports exactly one level of $name
+substitution for the following attributes:
+.IP "\fB$client\fR"
+The client hostname and IP address, formatted as name[address].
+.br
+.IP "\fB$client_address\fR"
+The client IP address.
+.br
+.IP "\fB$client_name\fR"
+The client hostname or "unknown". See reject_unknown_client_hostname
+for more details.
+.br
+.IP "\fB$reverse_client_name\fR"
+The client hostname from address\->name lookup, or "unknown".
+See reject_unknown_reverse_client_hostname for more details.
+.br
+.IP "\fB$helo_name\fR"
+The hostname given in HELO or EHLO command or empty string.
+.br
+.IP "\fB$rbl_class\fR"
+The denylisted entity type: Client host, Helo command, Sender
+address, or Recipient address.
+.br
+.IP "\fB$rbl_code\fR"
+The numerical SMTP response code, as specified with the
+maps_rbl_reject_code configuration parameter. Note: The numerical
+SMTP response code is required, and must appear at the start of the
+reply. With Postfix version 2.3 and later this information may be followed
+by an RFC 3463 enhanced status code.
+.br
+.IP "\fB$rbl_domain\fR"
+The RBL domain where $rbl_what is denylisted.
+.br
+.IP "\fB$rbl_reason\fR"
+The reason why $rbl_what is denylisted, or an empty string.
+.br
+.IP "\fB$rbl_what\fR"
+The entity that is denylisted (an IP address, a hostname, a domain
+name, or an email address whose domain was denylisted).
+.br
+.IP "\fB$recipient\fR"
+The recipient address or <> in case of the null address.
+.br
+.IP "\fB$recipient_domain\fR"
+The recipient domain or empty string.
+.br
+.IP "\fB$recipient_name\fR"
+The recipient address localpart or <> in case of null address.
+.br
+.IP "\fB$sender\fR"
+The sender address or <> in case of the null address.
+.br
+.IP "\fB$sender_domain\fR"
+The sender domain or empty string.
+.br
+.IP "\fB$sender_name\fR"
+The sender address localpart or <> in case of the null address.
+.br
+.IP "\fB${name?value}\fR"
+.IP "\fB${name?{value}}\fR (Postfix >= 3.0)"
+Expands to \fIvalue\fR when \fI$name\fR is non\-empty.
+.br
+.IP "\fB${name:value}\fR"
+.IP "\fB${name:{value}}\fR (Postfix >= 3.0)"
+Expands to \fIvalue\fR when \fI$name\fR is empty.
+.br
+.IP "\fB${name?{value1}:{value2}}\fR (Postfix >= 3.0)"
+Expands to \fIvalue1\fR when \fI$name\fR is non\-empty,
+\fIvalue2\fR otherwise.
+.br
+.br
+.PP
+Instead of $name you can also specify ${name} or $(name).
+.PP
+Note: when an enhanced status code is specified in an RBL reply
+template, it is subject to modification. The following transformations
+are needed when the same RBL reply template is used for client,
+helo, sender, or recipient access restrictions.
+.IP \(bu
+When rejecting a sender address, the Postfix SMTP server
+will transform a recipient DSN status (e.g., 4.1.1\-4.1.6) into the
+corresponding sender DSN status, and vice versa.
+.IP \(bu
+When rejecting non\-address information (such as the HELO
+command argument or the client hostname/address), the Postfix SMTP
+server will transform a sender or recipient DSN status into a generic
+non\-address DSN status (e.g., 4.0.0).
+.br
+.SH default_recipient_limit (default: 20000)
+The default per\-transport upper limit on the number of in\-memory
+recipients. These limits take priority over the global
+qmgr_message_recipient_limit after the message has been assigned
+to the respective transports. See also default_extra_recipient_limit
+and qmgr_message_recipient_minimum.
+.PP
+Use \fItransport\fR_recipient_limit to specify a
+transport\-specific override, where \fItransport\fR is the master.cf
+name of the message delivery transport.
+.SH default_recipient_refill_delay (default: 5s)
+The default per\-transport maximum delay between refilling recipients.
+When not all message recipients fit into memory at once, keep loading
+more of them at least once every this many seconds. This is used to
+make sure the recipients are refilled in a timely manner even when
+$default_recipient_refill_limit is too high for too slow deliveries.
+.PP
+Use \fItransport\fR_recipient_refill_delay to specify a
+transport\-specific override, where \fItransport\fR is the master.cf
+name of the message delivery transport.
+.PP
+This feature is available in Postfix 2.4 and later.
+.SH default_recipient_refill_limit (default: 100)
+The default per\-transport limit on the number of recipients refilled at
+once. When not all message recipients fit into memory at once, keep
+loading more of them in batches of at least this many at a time. See also
+$default_recipient_refill_delay, which may result in recipient batches
+lower than this when this limit is too high for too slow deliveries.
+.PP
+Use \fItransport\fR_recipient_refill_limit to specify a
+transport\-specific override, where \fItransport\fR is the master.cf
+name of the message delivery transport.
+.PP
+This feature is available in Postfix 2.4 and later.
+.SH default_transport (default: smtp)
+The default mail delivery transport and next\-hop destination for
+destinations that do not match $mydestination, $inet_interfaces,
+$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains,
+or $relay_domains. This information can be overruled with the
+sender_dependent_default_transport_maps parameter and with the
+\fBtransport\fR(5) table.
+.PP
+In order of decreasing precedence, the nexthop destination is taken
+from $sender_dependent_default_transport_maps, $default_transport,
+$sender_dependent_relayhost_maps, $relayhost, or from the recipient
+domain.
+.PP
+Specify a string of the form \fItransport:nexthop\fR, where \fItransport\fR
+is the name of a mail delivery transport defined in master.cf.
+The \fI:nexthop\fR destination is optional; its syntax is documented
+in the manual page of the corresponding delivery agent. In the case of
+SMTP or LMTP, specify one or more destinations separated by comma or
+whitespace (with Postfix 3.5 and later).
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+default_transport = uucp:relayhostname
+.fi
+.ad
+.ft R
+.SH default_transport_rate_delay (default: 0s)
+The default amount of delay that is inserted between individual
+message deliveries over the same message delivery transport,
+regardless of destination. Specify a non\-zero value to rate\-limit
+those message deliveries to at most one per $default_transport_rate_delay.
+.PP
+Use \fItransport\fR_transport_rate_delay to specify a
+transport\-specific override, where the initial \fItransport\fR is
+the master.cf name of the message delivery transport.
+.PP
+Example: throttle outbound SMTP mail to at most 3 deliveries
+per minute.
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ smtp_transport_rate_delay = 20s
+.fi
+.ad
+.ft R
+.PP
+To enable the delay, specify a non\-zero time value (an integral
+value plus an optional one\-letter suffix that specifies the time
+unit).
+.PP
+Time units: s (seconds), m (minutes), h (hours), d (days), w
+(weeks). The default time unit is s (seconds).
+.PP
+NOTE: the delay is enforced by the queue manager.
+.PP
+This feature is available in Postfix 3.1 and later.
+.SH default_verp_delimiters (default: +=)
+The two default VERP delimiter characters. These are used when
+no explicit delimiters are specified with the SMTP XVERP command
+or with the "\fBsendmail \-XV\fR" command\-line option (Postfix 2.2
+and earlier: \fB\-V\fR). Specify characters that are allowed by the
+verp_delimiter_filter setting.
+.PP
+This feature is available in Postfix 1.1 and later.
+.SH defer_code (default: 450)
+The numerical Postfix SMTP server response code when a remote SMTP
+client request is rejected by the "defer" restriction.
+.PP
+Do not change this unless you have a complete understanding of RFC 5321.
+.SH defer_service_name (default: defer)
+The name of the defer service. This service is implemented by the
+\fBbounce\fR(8) daemon and maintains a record
+of failed delivery attempts and generates non\-delivery notifications.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH defer_transports (default: empty)
+The names of message delivery transports that should not deliver mail
+unless someone issues "\fBsendmail \-q\fR" or equivalent. Specify zero
+or more mail delivery transport names that appear in the
+first field of master.cf.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+defer_transports = smtp
+.fi
+.ad
+.ft R
+.SH delay_logging_resolution_limit (default: 2)
+The maximal number of digits after the decimal point when logging
+sub\-second delay values. Specify a number in the range 0..6.
+.PP
+Large delay values are rounded off to an integral number of seconds;
+delay values below the delay_logging_resolution_limit are logged
+as "0", and delay values under 100s are logged with at most two\-digit
+precision.
+.PP
+The format of the "delays=a/b/c/d" logging is as follows:
+.IP \(bu
+a = time from message arrival to last active queue entry
+.IP \(bu
+b = time from last active queue entry to connection setup
+.IP \(bu
+c = time in connection setup, including DNS, EHLO and STARTTLS
+.IP \(bu
+d = time in message transmission
+.br
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH delay_notice_recipient (default: postmaster)
+The recipient of postmaster notifications with the message headers
+of mail that cannot be delivered within $delay_warning_time time
+units.
+.PP
+See also: delay_warning_time, notify_classes.
+.SH delay_warning_time (default: 0h)
+The time after which the sender receives a copy of the message
+headers of mail that is still queued. The confirm_delay_cleared
+parameter controls sender notification when the delay clears up.
+.PP
+To enable this feature, specify a non\-zero time value (an integral
+value plus an optional one\-letter suffix that specifies the time
+unit).
+.PP
+Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is h (hours).
+.PP
+See also: delay_notice_recipient, notify_classes, confirm_delay_cleared.
+.SH deliver_lock_attempts (default: 20)
+The maximal number of attempts to acquire an exclusive lock on a
+mailbox file or \fBbounce\fR(8) logfile.
+.SH deliver_lock_delay (default: 1s)
+The time between attempts to acquire an exclusive lock on a mailbox
+file or \fBbounce\fR(8) logfile.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH destination_concurrency_feedback_debug (default: no)
+Make the queue manager's feedback algorithm verbose for performance
+analysis purposes.
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH detect_8bit_encoding_header (default: yes)
+Automatically detect 8BITMIME body content by looking at
+Content\-Transfer\-Encoding: message headers; historically, this
+behavior was hard\-coded to be "always on".
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH disable_dns_lookups (default: no)
+Disable DNS lookups in the Postfix SMTP and LMTP clients. When
+disabled, hosts are looked up with the getaddrinfo() system
+library routine which normally also looks in /etc/hosts. As of
+Postfix 2.11, this parameter is deprecated; use smtp_dns_support_level
+instead.
+.PP
+DNS lookups are enabled by default.
+.SH disable_mime_input_processing (default: no)
+Turn off MIME processing while receiving mail. This means that no
+special treatment is given to Content\-Type: message headers, and
+that all text after the initial message headers is considered to
+be part of the message body.
+.PP
+This feature is available in Postfix 2.0 and later.
+.PP
+Mime input processing is enabled by default, and is needed in order
+to recognize MIME headers in message content.
+.SH disable_mime_output_conversion (default: no)
+Disable the conversion of 8BITMIME format to 7BIT format. Mime
+output conversion is needed when the destination does not advertise
+8BITMIME support.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH disable_verp_bounces (default: no)
+Disable sending one bounce report per recipient.
+.PP
+The default, one per recipient, is what ezmlm needs.
+.PP
+This feature is available in Postfix 1.1 and later.
+.SH disable_vrfy_command (default: no)
+Disable the SMTP VRFY command. This stops some techniques used to
+harvest email addresses.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+disable_vrfy_command = no
+.fi
+.ad
+.ft R
+.SH dns_ncache_ttl_fix_enable (default: no)
+Enable a workaround for future libc incompatibility. The Postfix
+implementation of RFC 2308 negative reply caching relies on the
+promise that res_query() and res_search() invoke res_send(), which
+returns the server response in an application buffer even if the
+requested record does not exist. If this promise is broken, specify
+"yes" to enable a workaround for DNS reputation lookups.
+.PP
+This feature is available in Postfix 3.1 and later.
+.SH dnsblog_reply_delay (default: 0s)
+A debugging aid to artificially delay DNS responses.
+.PP
+This feature is available in Postfix 2.8.
+.SH dnsblog_service_name (default: dnsblog)
+The name of the \fBdnsblog\fR(8) service entry in master.cf. This
+service performs DNS allow/denylist lookups.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH dnssec_probe (default: ns:.)
+The DNS query type (default: "ns") and DNS query name (default:
+".") that Postfix may use to determine whether DNSSEC validation
+is available.
+.PP
+Background: DNSSEC validation is needed for Postfix DANE support;
+this ensures that Postfix receives TLSA records with secure TLS
+server certificate info. When DNSSEC validation is unavailable,
+mail deliveries using \fIopportunistic\fR DANE will not be protected
+by server certificate info in TLSA records, and mail deliveries
+using \fImandatory\fR DANE will not be made at all.
+.PP
+By default, a Postfix process will send a DNSSEC probe after
+1) the process made a DNS query that requested DNSSEC validation,
+2) the process did not receive a DNSSEC validated response to this
+query or to an earlier query, and 3) the process did not already
+send a DNSSEC probe.
+.PP
+When the DNSSEC probe has no response, or when the response is
+not DNSSEC validated, Postfix logs a warning that DNSSEC validation
+may be unavailable.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+warning: DNSSEC validation may be unavailable
+warning: reason: dnssec_probe 'ns:.' received a response that is not DNSSEC validated
+warning: reason: dnssec_probe 'ns:.' received no response: Server failure
+.fi
+.ad
+.ft R
+.PP
+Possible reasons why DNSSEC validation may be unavailable:
+.IP \(bu
+The local /etc/resolv.conf file specifies a DNS resolver that
+does not validate DNSSEC signatures (that's
+$queue_directory/etc/resolv.conf when a Postfix daemon runs in a
+chroot jail).
+.IP \(bu
+The local system library does not pass on the "DNSSEC validated"
+bit to Postfix, or Postfix does not know how to ask the library to
+do that.
+.br
+.PP
+By default, the DNSSEC probe asks for the DNS root zone NS
+records, because resolvers should always have that information
+cached. If Postfix runs on a network where the DNS root zone is not
+reachable, specify a different probe, or specify an empty dnssec_probe
+value to disable the feature.
+.PP
+This feature is available in Postfix 3.6 and later. It was backported
+to Postfix versions 3.5.9, 3.4.19, 3.3.16. 3.2.21.
+.SH dont_remove (default: 0)
+Don't remove queue files and save them to the "saved" mail queue.
+This is a debugging aid. To inspect the envelope information and
+content of a Postfix queue file, use the \fBpostcat\fR(1) command.
+.SH double_bounce_sender (default: double\-bounce)
+The sender address of postmaster notifications that are generated
+by the mail system. All mail to this address is silently discarded,
+in order to terminate mail bounce loops.
+.SH duplicate_filter_limit (default: 1000)
+The maximal number of addresses remembered by the address
+duplicate filter for \fBaliases\fR(5) or \fBvirtual\fR(5) alias expansion, or
+for \fBshowq\fR(8) queue displays.
+.SH empty_address_default_transport_maps_lookup_key (default: <>)
+The sender_dependent_default_transport_maps search string that
+will be used instead of the null sender address.
+.PP
+This feature is available in Postfix 2.7 and later.
+.SH empty_address_local_login_sender_maps_lookup_key (default: <>)
+The lookup key to be used in local_login_sender_maps tables, instead
+of the null sender address.
+.PP
+This feature is available in Postfix 3.6 and later.
+.SH empty_address_recipient (default: MAILER\-DAEMON)
+The recipient of mail addressed to the null address. Postfix does
+not accept such addresses in SMTP commands, but they may still be
+created locally as the result of configuration or software error.
+.SH empty_address_relayhost_maps_lookup_key (default: <>)
+The sender_dependent_relayhost_maps search string that will be
+used instead of the null sender address.
+.PP
+This feature is available in Postfix 2.5 and later. With
+earlier versions, sender_dependent_relayhost_maps lookups were
+skipped for the null sender address.
+.SH enable_errors_to (default: no)
+Report mail delivery errors to the address specified with the
+non\-standard Errors\-To: message header, instead of the envelope
+sender address (this feature is removed with Postfix version 2.2, is
+turned off by default with Postfix version 2.1, and is always turned on
+with older Postfix versions).
+.SH enable_idna2003_compatibility (default: no)
+Enable 'transitional' compatibility between IDNA2003 and IDNA2008,
+when converting UTF\-8 domain names to/from the ASCII form that is
+used for DNS lookups. Specify "yes" for compatibility with Postfix
+<= 3.1 (not recommended). This affects the conversion of domain
+names that contain for example the German sz and the Greek zeta.
+See http://unicode.org/cldr/utility/idna.jsp for more examples.
+.PP
+This feature is available in Postfix 3.2 and later.
+.SH enable_long_queue_ids (default: no)
+Enable long, non\-repeating, queue IDs (queue file names). The
+benefit of non\-repeating names is simpler logfile analysis and
+easier queue migration (there is no need to run "postsuper" to
+change queue file names that don't match their message file inode
+number).
+.PP
+Note: see below for how to convert long queue file names to
+Postfix <= 2.8.
+.PP
+Changing the parameter value to "yes" has the following effects:
+.IP \(bu
+Existing queue file names are not affected.
+.IP \(bu
+New queue files are created with names such as 3Pt2mN2VXxznjll.
+These are encoded in a 52\-character alphabet that contains digits
+(0\-9), upper\-case letters (B\-Z) and lower\-case letters (b\-z). For
+safety reasons the vowels (AEIOUaeiou) are excluded from the alphabet.
+The name format is: 6 or more characters for the time in seconds,
+4 characters for the time in microseconds, the 'z'; the remainder
+is the file inode number encoded in the first 51 characters of the
+52\-character alphabet.
+.IP \(bu
+New messages have a Message\-ID header with
+\fIqueueID\fR@\fImyhostname\fR.
+.IP \(bu
+The mailq (postqueue \-p) output has a wider Queue ID column.
+The number of whitespace\-separated fields is not changed.
+.IP \(bu
+The hash_queue_depth algorithm uses the first characters
+of the queue file creation time in microseconds, after conversion
+into hexadecimal representation. This produces the same queue hashing
+behavior as if the queue file name was created with "enable_long_queue_ids
+= no".
+.br
+.PP
+Changing the parameter value to "no" has the following effects:
+.IP \(bu
+Existing long queue file names are renamed to the short
+form (while running "postfix reload" or "postsuper").
+.IP \(bu
+New queue files are created with names such as C3CD21F3E90
+from a hexadecimal alphabet that contains digits (0\-9) and upper\-case
+letters (A\-F). The name format is: 5 characters for the time in
+microseconds; the remainder is the file inode number.
+.IP \(bu
+New messages have a Message\-ID header with
+\fIYYYYMMDDHHMMSS.queueid\fR@\fImyhostname\fR, where
+\fIYYYYMMDDHHMMSS\fR are the year, month, day, hour, minute and
+second.
+.IP \(bu
+The mailq (postqueue \-p) output has the same format as
+with Postfix <= 2.8.
+.IP \(bu
+The hash_queue_depth algorithm uses the first characters
+of the queue file name, with the hexadecimal representation of the
+file creation time in microseconds.
+.br
+.PP
+Before migration to Postfix <= 2.8, the following commands
+are required to convert long queue file names into short names:
+.PP
+.nf
+.na
+.ft C
+# postfix stop
+# postconf enable_long_queue_ids=no
+# postsuper
+.fi
+.ad
+.ft R
+.PP
+Repeat the postsuper command until it reports no more queue file
+name changes.
+.PP
+This feature is available in Postfix 2.9 and later.
+.SH enable_original_recipient (default: yes)
+Enable support for the original recipient address after an
+address is rewritten to a different address (for example with
+aliasing or with canonical mapping).
+.PP
+The original recipient address is used as follows:
+.IP "Final delivery"
+With "enable_original_recipient =
+yes", the original recipient address is stored in the \fBX\-Original\-To\fR
+message header. This header may be used to distinguish between
+different recipients that share the same mailbox.
+.br
+.IP "Recipient deduplication"
+With "enable_original_recipient
+= yes", the \fBcleanup\fR(8) daemon performs duplicate recipient elimination
+based on the content of (original recipient, maybe\-rewritten
+recipient) pairs. Otherwise, the \fBcleanup\fR(8) daemon performs duplicate
+recipient elimination based only on the maybe\-rewritten recipient
+address.
+.br
+.br
+.PP
+Note: with Postfix <= 3.2 the "setting enable_original_recipient
+= \fBno\fR" breaks address verification for addresses that are
+aliased or otherwise rewritten (Postfix is unable to store the
+address verification result under the original probe destination
+address; instead, it can store the result only under the rewritten
+address).
+.PP
+This feature is available in Postfix 2.1 and later. Postfix
+version 2.0 behaves as if this parameter is always set to \fByes\fR.
+Postfix versions before 2.0 have no support for the original recipient
+address.
+.SH enable_threaded_bounces (default: no)
+Enable non\-delivery, success, and delay notifications that link
+to the original message by including a References: and In\-Reply\-To:
+header with the original Message\-ID value. There are advantages and
+disadvantages to consider.
+.IP "\fB advantage \fR"
+This allows mail readers to present
+a delivery status notification in the same email thread as the original
+message.
+.br
+.IP "\fB disadvantage \fR"
+This makes it easy for users to
+mistakenly delete the whole email thread (all related messages),
+instead of deleting only the non\-delivery notification.
+.br
+.br
+.PP
+This feature is available in Postfix 3.6 and later.
+.SH error_notice_recipient (default: postmaster)
+The recipient of postmaster notifications about mail delivery
+problems that are caused by policy, resource, software or protocol
+errors. These notifications are enabled with the notify_classes
+parameter.
+.SH error_service_name (default: error)
+The name of the \fBerror\fR(8) pseudo delivery agent. This service always
+returns mail as undeliverable.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH execution_directory_expansion_filter (default: see "postconf \-d" output)
+Restrict the characters that the \fBlocal\fR(8) delivery agent allows
+in $name expansions of $command_execution_directory. Characters
+outside the allowed set are replaced by underscores.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH expand_owner_alias (default: no)
+When delivering to an alias "\fIaliasname\fR" that has an
+"owner\-\fIaliasname\fR" companion alias, set the envelope sender
+address to the expansion of the "owner\-\fIaliasname\fR" alias.
+Normally, Postfix sets the envelope sender address to the name of
+the "owner\-\fIaliasname\fR" alias.
+.SH export_environment (default: see "postconf \-d" output)
+The list of environment variables that a Postfix process will export
+to non\-Postfix processes. The TZ variable is needed for sane
+time keeping on System\-V\-ish systems.
+.PP
+Specify a list of names and/or name=value pairs, separated by
+whitespace or comma. Specify "{ name=value }" to protect whitespace
+or comma in parameter values (whitespace after the opening "{" and
+before the closing "}"
+is ignored). The form name=value is supported with Postfix version
+2.1 and later; the use of {} is supported with Postfix 3.0 and
+later.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+export_environment = TZ PATH=/bin:/usr/bin
+.fi
+.ad
+.ft R
+.SH extract_recipient_limit (default: 10240)
+The maximal number of recipient addresses that Postfix will extract
+from message headers when mail is submitted with "\fBsendmail \-t\fR".
+.PP
+This feature was removed in Postfix version 2.1.
+.SH fallback_relay (default: empty)
+Optional list of relay hosts for SMTP destinations that can't be
+found or that are unreachable. With Postfix 2.3 this parameter
+is renamed to smtp_fallback_relay.
+.PP
+By default, mail is returned to the sender when a destination is
+not found, and delivery is deferred when a destination is unreachable.
+.PP
+The fallback relays must be SMTP destinations. Specify a domain,
+host, host:port, [host]:port, [address] or [address]:port; the form
+[host] turns off MX lookups. If you specify multiple SMTP
+destinations, Postfix will try them in the specified order.
+.PP
+Note: before Postfix 2.2, do not use the fallback_relay feature
+when relaying mail
+for a backup or primary MX domain. Mail would loop between the
+Postfix MX host and the fallback_relay host when the final destination
+is unavailable.
+.IP \(bu
+In main.cf specify "relay_transport = relay",
+.IP \(bu
+In master.cf specify "\-o fallback_relay =" (i.e., empty) at
+the end of the relay entry.
+.IP \(bu
+In transport maps, specify "relay:\fInexthop...\fR"
+as the right\-hand side for backup or primary MX domain entries.
+.br
+.PP
+Postfix version 2.2 and later will not use the fallback_relay feature
+for destinations that it is MX host for.
+.SH fallback_transport (default: empty)
+Optional message delivery transport that the \fBlocal\fR(8) delivery
+agent should use for names that are not found in the \fBaliases\fR(5)
+or UNIX password database.
+.PP
+The precedence of \fBlocal\fR(8) delivery features from high to low
+is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
+mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
+fallback_transport_maps, fallback_transport and luser_relay.
+.SH fallback_transport_maps (default: empty)
+Optional lookup tables with per\-recipient message delivery
+transports for recipients that the \fBlocal\fR(8) delivery agent could
+not find in the \fBaliases\fR(5) or UNIX password database.
+.PP
+The precedence of \fBlocal\fR(8) delivery features from high to low
+is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
+mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
+fallback_transport_maps, fallback_transport and luser_relay.
+.PP
+For safety reasons, this feature does not allow $number
+substitutions in regular expression maps.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH fast_flush_domains (default: $relay_domains)
+Optional list of destinations that are eligible for per\-destination
+logfiles with mail that is queued to those destinations.
+.PP
+By default, Postfix maintains "fast flush" logfiles only for
+destinations that the Postfix SMTP server is willing to relay to
+(i.e. the default is: "fast_flush_domains = $relay_domains"; see
+the relay_domains parameter in the \fBpostconf\fR(5) manual).
+.PP
+Specify a list of hosts or domains, "/file/name" patterns or
+"type:table" lookup tables, separated by commas and/or whitespace.
+Continue long lines by starting the next line with whitespace. A
+"/file/name" pattern is replaced by its contents; a "type:table"
+lookup table is matched when the domain or its parent domain appears
+as lookup key.
+.PP
+Pattern matching of domain names is controlled by the presence
+or absence of "fast_flush_domains" in the parent_domain_matches_subdomains
+parameter value.
+.PP
+Specify "fast_flush_domains =" (i.e., empty) to disable the feature
+altogether.
+.SH fast_flush_purge_time (default: 7d)
+The time after which an empty per\-destination "fast flush" logfile
+is deleted.
+.PP
+You can specify the time as a number, or as a number followed by
+a letter that indicates the time unit: s=seconds, m=minutes, h=hours,
+d=days, w=weeks. The default time unit is days.
+.SH fast_flush_refresh_time (default: 12h)
+The time after which a non\-empty but unread per\-destination "fast
+flush" logfile needs to be refreshed. The contents of a logfile
+are refreshed by requesting delivery of all messages listed in the
+logfile.
+.PP
+You can specify the time as a number, or as a number followed by
+a letter that indicates the time unit: s=seconds, m=minutes, h=hours,
+d=days, w=weeks. The default time unit is hours.
+.SH fault_injection_code (default: 0)
+Force specific internal tests to fail, to test the handling of
+errors that are difficult to reproduce otherwise.
+.SH flush_service_name (default: flush)
+The name of the \fBflush\fR(8) service. This service maintains per\-destination
+logfiles with the queue file names of mail that is queued for those
+destinations.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH fork_attempts (default: 5)
+The maximal number of attempts to fork() a child process.
+.SH fork_delay (default: 1s)
+The delay between attempts to fork() a child process.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH forward_expansion_filter (default: see "postconf \-d" output)
+Restrict the characters that the \fBlocal\fR(8) delivery agent allows in
+$name expansions of $forward_path. Characters outside the
+allowed set are replaced by underscores.
+.SH forward_path (default: see "postconf \-d" output)
+The \fBlocal\fR(8) delivery agent search list for finding a .forward
+file with user\-specified delivery methods. The first file that is
+found is used.
+.PP
+The forward_path value is not subject to Postfix configuration
+parameter $name expansion. Instead, the following $name expansions
+are done on forward_path before the search actually happens.
+The result of $name expansion is
+filtered with the character set that is specified with the
+forward_expansion_filter parameter.
+.IP "\fB$user\fR"
+The recipient's username.
+.br
+.IP "\fB$shell\fR"
+The recipient's login shell pathname.
+.br
+.IP "\fB$home\fR"
+The recipient's home directory.
+.br
+.IP "\fB$recipient\fR"
+The full recipient address.
+.br
+.IP "\fB$extension\fR"
+The optional recipient address extension.
+.br
+.IP "\fB$domain\fR"
+The recipient domain.
+.br
+.IP "\fB$local\fR"
+The entire recipient localpart.
+.br
+.IP "\fB$recipient_delimiter\fR"
+The address extension delimiter that was found in the recipient
+address (Postfix 2.11 and later), or the 'first' delimiter specified
+with the system\-wide recipient address extension delimiter (Postfix
+3.5.22, 3.5.12, 3.7.8, 3.8.3 and later). Historically, this was
+always the system\-wide recipient
+address extension delimiter (Postfix 2.10 and earlier).
+.br
+.IP "\fB${name?value}\fR"
+.IP "\fB${name?{value}}\fR (Postfix >= 3.0)"
+Expands to \fIvalue\fR when \fI$name\fR is non\-empty.
+.br
+.IP "\fB${name:value}\fR"
+.IP "\fB${name:{value}}\fR (Postfix >= 3.0)"
+Expands to \fIvalue\fR when \fI$name\fR is empty.
+.br
+.IP "\fB${name?{value1}:{value2}}\fR (Postfix >= 3.0)"
+Expands to \fIvalue1\fR when \fI$name\fR is non\-empty,
+\fIvalue2\fR otherwise.
+.br
+.br
+.PP
+Instead of $name you can also specify ${name} or $(name).
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+forward_path = /var/forward/$user
+forward_path =
+ /var/forward/$user/.forward$recipient_delimiter$extension,
+ /var/forward/$user/.forward
+.fi
+.ad
+.ft R
+.SH frozen_delivered_to (default: yes)
+Update the \fBlocal\fR(8) delivery agent's idea of the Delivered\-To:
+address (see prepend_delivered_header) only once, at the start of
+a delivery attempt; do not update the Delivered\-To: address while
+expanding aliases or .forward files.
+.PP
+This feature is available in Postfix 2.3 and later. With older
+Postfix releases, the behavior is as if this parameter is set to
+"no". The old setting can be expensive with deeply nested aliases
+or .forward files. When an alias or .forward file changes the
+Delivered\-To: address, it ties up one queue file and one cleanup
+process instance while mail is being forwarded.
+.SH hash_queue_depth (default: 1)
+The number of subdirectory levels for queue directories listed with
+the hash_queue_names parameter. Queue hashing is implemented by
+creating one or more levels of directories with one\-character names.
+Originally, these directory names were equal to the first characters
+of the queue file name, with the hexadecimal representation of the
+file creation time in microseconds.
+.PP
+With long queue file names, queue hashing produces the same
+results as with short names. The file creation time in microseconds
+is converted into hexadecimal form before the result is used for
+queue hashing. The base 16 encoding gives finer control over the
+number of subdirectories than is possible with the base 52 encoding
+of long queue file names.
+.PP
+After changing the hash_queue_names or hash_queue_depth parameter,
+execute the command "\fBpostfix reload\fR".
+.SH hash_queue_names (default: deferred, defer)
+The names of queue directories that are split across multiple
+subdirectory levels.
+.PP
+Before Postfix version 2.2, the default list of hashed queues
+was significantly larger. Claims about improvements in file system
+technology suggest that hashing of the incoming and active queues
+is no longer needed. Fewer hashed directories speed up the time
+needed to restart Postfix.
+.PP
+After changing the hash_queue_names or hash_queue_depth parameter,
+execute the command "\fBpostfix reload\fR".
+.SH header_address_token_limit (default: 10240)
+The maximal number of address tokens are allowed in an address
+message header. Information that exceeds the limit is discarded.
+The limit is enforced by the \fBcleanup\fR(8) server.
+.SH header_checks (default: empty)
+Optional lookup tables for content inspection of primary non\-MIME
+message headers, as specified in the \fBheader_checks\fR(5) manual page.
+.SH header_from_format (default: standard)
+The format of the Postfix\-generated \fBFrom:\fR header. This
+setting affects the appearance of 'full name' information when a
+local program such as /bin/mail submits a message without a From:
+header through the Postfix \fBsendmail\fR(1) command.
+.PP
+Specify one of the following:
+.IP "\fBstandard\fR (default)"
+Produce a header formatted
+as "\fBFrom:\fR \fIname\fR\fB <\fR\fIaddress\fR\fB>\fR".
+This is the default as of Postfix 3.3.
+.br
+.IP "\fBobsolete\fR"
+Produce a header formatted as "\fBFrom:\fR
+\fIaddress\fR \fB(\fR\fIname\fR\fB)\fR". This is the behavior
+prior to Postfix 3.3.
+.br
+.br
+.PP
+Notes:
+.IP \(bu
+Postfix generates the format "\fBFrom:\fR \fIaddress\fR"
+when \fIname\fR information is unavailable or the envelope sender
+address is empty. This is the same behavior as prior to Postfix
+3.3.
+.IP \(bu
+In the \fBstandard\fR form, the \fIname\fR will be quoted
+if it contains \fBspecials\fR as defined in RFC 5322, or the "!%"
+address operators.
+.IP \(bu
+The Postfix \fBsendmail\fR(1) command gets \fIname\fR information
+from the \fB\-F\fR command\-line option, from the \fBNAME\fR
+environment variable, or from the UNIX password file.
+.br
+.PP
+This feature is available in Postfix 3.3 and later.
+.SH header_size_limit (default: 102400)
+The maximal amount of memory in bytes for storing a message header.
+If a header is larger, the excess is discarded. The limit is
+enforced by the \fBcleanup\fR(8) server.
+.SH helpful_warnings (default: yes)
+Log warnings about problematic configuration settings, and provide
+helpful suggestions.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH home_mailbox (default: empty)
+Optional pathname of a mailbox file relative to a \fBlocal\fR(8) user's
+home directory.
+.PP
+Specify a pathname ending in "/" for qmail\-style delivery.
+.PP
+The precedence of \fBlocal\fR(8) delivery features from high to low
+is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
+mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
+fallback_transport_maps, fallback_transport and luser_relay.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+home_mailbox = Mailbox
+home_mailbox = Maildir/
+.fi
+.ad
+.ft R
+.SH hopcount_limit (default: 50)
+The maximal number of Received: message headers that is allowed
+in the primary message headers. A message that exceeds the limit
+is bounced, in order to stop a mailer loop.
+.SH html_directory (default: see "postconf \-d" output)
+The location of Postfix HTML files that describe how to build,
+configure or operate a specific Postfix subsystem or feature.
+.SH ignore_mx_lookup_error (default: no)
+Ignore DNS MX lookups that produce no response. By default,
+the Postfix SMTP client defers delivery and tries again after some
+delay. This behavior is required by the SMTP standard.
+.PP
+Specify "ignore_mx_lookup_error = yes" to force a DNS A record
+lookup instead. This violates the SMTP standard and can result in
+mis\-delivery of mail.
+.SH ignore_srv_lookup_error (default: no)
+When SRV record lookup fails, fall back to MX or IP address
+lookup as if SRV record lookup was not enabled.
+.PP
+This feature is available in Postfix 3.8 and later.
+.SH import_environment (default: see "postconf \-d" output)
+The list of environment variables that a privileged Postfix
+process will import from a non\-Postfix parent process, or name=value
+environment overrides. Unprivileged utilities will enforce the
+name=value overrides, but otherwise will not change their process
+environment. Examples of relevant environment variables:
+.IP "\fBTZ\fR"
+May be needed for sane time keeping on most System\-V\-ish systems.
+.br
+.IP "\fBDISPLAY\fR"
+Needed for debugging Postfix daemons with an X\-windows debugger.
+.br
+.IP "\fBXAUTHORITY\fR"
+Needed for debugging Postfix daemons with an X\-windows debugger.
+.br
+.IP "\fBMAIL_CONFIG\fR"
+Needed to make "\fBpostfix \-c\fR" work.
+.br
+.IP "\fBPOSTLOG_SERVICE\fR"
+Needed to make "\fBmaillog_file\fR" work during daemon
+process initialization.
+.br
+.IP "\fBPOSTLOG_HOSTNAME\fR"
+Needed to make "\fBmaillog_file\fR" work during daemon
+process initialization.
+.br
+.br
+.PP
+Specify a list of names and/or name=value pairs, separated by
+whitespace or comma. Specify "{ name=value }" to protect whitespace
+or comma in environment variable values (whitespace after the opening "{" and
+before the closing "}"
+is ignored). The form name=value is supported with Postfix version
+2.1 and later; the use of {} is supported with Postfix 3.0 and
+later.
+.SH in_flow_delay (default: 1s)
+Time to pause before accepting a new message, when the message
+arrival rate exceeds the message delivery rate. This feature is
+turned on by default (it's disabled on SCO UNIX due to an SCO bug).
+.PP
+With the default 100 Postfix SMTP server process limit, "in_flow_delay
+= 1s" limits the mail inflow to 100 messages per second above the
+number of messages delivered per second.
+.PP
+Specify 0 to disable the feature. Valid delays are 0..10.
+.SH inet_interfaces (default: all)
+The local network interface addresses that this mail system receives
+mail on. Specify "all" to receive mail on all network
+interfaces (default), and "loopback\-only" to receive mail
+on loopback network interfaces only (Postfix version 2.2 and later). The
+parameter also controls delivery of mail to user@[ip.address].
+.PP
+Note 1: you need to stop and start Postfix when this parameter changes.
+.PP
+Note 2: address information may be enclosed inside [],
+but this form is not required here.
+.PP
+When inet_interfaces specifies just one IPv4 and/or IPv6 address
+that is not a loopback address, the Postfix SMTP client will use
+this address as the IP source address for outbound mail. Support
+for IPv6 is available in Postfix version 2.2 and later.
+.PP
+On a multi\-homed firewall with separate Postfix instances listening on the
+"inside" and "outside" interfaces, this can prevent each instance from
+being able to reach remote SMTP servers on the "other side" of the
+firewall. Setting
+smtp_bind_address to 0.0.0.0 avoids the potential problem for
+IPv4, and setting smtp_bind_address6 to :: solves the problem
+for IPv6.
+.PP
+A better solution for multi\-homed firewalls is to leave inet_interfaces
+at the default value and instead use explicit IP addresses in
+the master.cf SMTP server definitions. This preserves the Postfix
+SMTP client's
+loop detection, by ensuring that each side of the firewall knows that the
+other IP address is still the same host. Setting $inet_interfaces to a
+single IPv4 and/or IPV6 address is primarily useful with virtual
+hosting of domains on
+secondary IP addresses, when each IP address serves a different domain
+(and has a different $myhostname setting).
+.PP
+See also the proxy_interfaces parameter, for network addresses that
+are forwarded to Postfix by way of a proxy or address translator.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+inet_interfaces = all (DEFAULT)
+inet_interfaces = loopback\-only (Postfix version 2.2 and later)
+inet_interfaces = 127.0.0.1
+inet_interfaces = 127.0.0.1, [::1] (Postfix version 2.2 and later)
+inet_interfaces = 192.168.1.2, 127.0.0.1
+.fi
+.ad
+.ft R
+.SH inet_protocols (default: see 'postconf \-d output')
+The Internet protocols Postfix will attempt to use when making
+or accepting connections. Specify one or more of "ipv4"
+or "ipv6", separated by whitespace or commas. The form
+"all" is equivalent to "ipv4, ipv6" or "ipv4", depending
+on whether the operating system implements IPv6.
+.PP
+With Postfix 2.8 and earlier the default is "ipv4". For backwards
+compatibility with these releases, the Postfix 2.9 and later upgrade
+procedure appends an explicit "inet_protocols = ipv4" setting to
+main.cf when no explicit setting is present. This compatibility
+workaround will be phased out as IPv6 deployment becomes more common.
+.PP
+This feature is available in Postfix 2.2 and later.
+.PP
+Note: you MUST stop and start Postfix after changing this
+parameter.
+.PP
+On systems that pre\-date IPV6_V6ONLY support (RFC 3493), an
+IPv6 server will also accept IPv4 connections, even when IPv4 is
+turned off with the inet_protocols parameter. On systems with
+IPV6_V6ONLY support, Postfix will use separate server sockets for
+IPv6 and IPv4, and each will accept only connections for the
+corresponding protocol.
+.PP
+When IPv4 support is enabled via the inet_protocols parameter,
+Postfix will look up DNS type A records, and will convert
+IPv4\-in\-IPv6 client IP addresses (::ffff:1.2.3.4) to their original
+IPv4 form (1.2.3.4). The latter is needed on hosts that pre\-date
+IPV6_V6ONLY support (RFC 3493).
+.PP
+When IPv6 support is enabled via the inet_protocols parameter,
+Postfix will do DNS type AAAA record lookups.
+.PP
+When both IPv4 and IPv6 support are enabled, the Postfix SMTP
+client will choose the protocol as specified with the
+smtp_address_preference parameter. Postfix versions before 2.8
+attempt to connect via IPv6 before attempting to use IPv4.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+inet_protocols = ipv4
+inet_protocols = all (DEFAULT)
+inet_protocols = ipv6
+inet_protocols = ipv4, ipv6
+.fi
+.ad
+.ft R
+.SH info_log_address_format (default: external)
+The email address form that will be used in non\-debug logging
+(info, warning, etc.). As of Postfix 3.5 when an address localpart
+contains spaces or other special characters, the localpart will be
+quoted, for example:
+.sp
+.in +4
+.nf
+.na
+.ft C
+ from=<"name with spaces"@example.com>
+.fi
+.ad
+.ft R
+.in -4
+.PP
+Older Postfix versions would log the internal (unquoted) form:
+.sp
+.in +4
+.nf
+.na
+.ft C
+ from=<name with spaces@example.com>
+.fi
+.ad
+.ft R
+.in -4
+.PP
+The external and internal forms are identical for the vast
+majority of email addresses that contain no spaces or other special
+characters in the localpart.
+.PP
+The logging in external form is consistent with the address
+form that Postfix 3.2 and later prefer for most table lookups. This
+is therefore the more useful form for non\-debug logging.
+.PP
+Specify "\fBinfo_log_address_format = internal\fR" for backwards
+compatibility.
+.PP
+Postfix uses the unquoted form internally, because an attacker
+can specify an email address in different forms by playing games
+with quotes and backslashes. An attacker should not be able to use
+such games to circumvent Postfix access policies.
+.PP
+This feature is available in Postfix 3.5 and later.
+.SH initial_destination_concurrency (default: 5)
+The initial per\-destination concurrency level for parallel delivery
+to the same destination.
+With per\-destination recipient limit > 1, a destination is a domain,
+otherwise it is a recipient.
+.PP
+Use \fItransport\fR_initial_destination_concurrency to specify
+a transport\-specific override, where \fItransport\fR is the master.cf
+name of the message delivery transport (Postfix 2.5 and later).
+.PP
+Warning: with concurrency of 1, one bad message can be enough to
+block all mail to a site.
+.SH internal_mail_filter_classes (default: empty)
+What categories of Postfix\-generated mail are subject to
+before\-queue content inspection by non_smtpd_milters, header_checks
+and body_checks. Specify zero or more of the following, separated
+by whitespace or comma.
+.IP "\fBbounce\fR"
+Inspect the content of delivery
+status notifications.
+.br
+.IP "\fBnotify\fR"
+Inspect the content of postmaster
+notifications by the \fBsmtp\fR(8) and \fBsmtpd\fR(8) processes.
+.br
+.br
+.PP
+NOTE: It's generally not safe to enable content inspection of
+Postfix\-generated email messages. The user is warned.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH invalid_hostname_reject_code (default: 501)
+The numerical Postfix SMTP server response code when the client
+HELO or EHLO command parameter is rejected by the reject_invalid_helo_hostname
+restriction.
+.PP
+Do not change this unless you have a complete understanding of RFC 5321.
+.SH ipc_idle (default: version dependent)
+The time after which a client closes an idle internal communication
+channel. The purpose is to allow Postfix daemon processes to
+terminate voluntarily after they become idle. This is used, for
+example, by the Postfix address resolving and rewriting clients.
+.PP
+With Postfix 2.4 the default value was reduced from 100s to 5s.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH ipc_timeout (default: 3600s)
+The time limit for sending or receiving information over an internal
+communication channel. The purpose is to break out of deadlock
+situations. If the time limit is exceeded the software aborts with a
+fatal error.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH ipc_ttl (default: 1000s)
+The time after which a client closes an active internal communication
+channel. The purpose is to allow Postfix daemon processes to
+terminate voluntarily
+after reaching their client limit. This is used, for example, by
+the Postfix address resolving and rewriting clients.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH known_tcp_ports (default: lmtp=24, smtp=25, smtps=submissions=465, submission=587)
+Optional setting that avoids lookups in the \fBservices\fR(5) database.
+This feature was implemented to address inconsistencies in the name
+of the port "465" service. The ABNF is:
+.sp
+.in +4
+known_tcp_ports = empty | name\-to\-port *("," name\-to\-port)
+.br
+name\-to\-port = 1*(service\-name "=') port\-number
+.in -4
+.PP
+The comma is required. Whitespace is optional but it cannot appear
+inside a service name or port number.
+.PP
+This feature is available in Postfix 3.6 and later.
+.SH line_length_limit (default: 2048)
+Upon input, long lines are chopped up into pieces of at most
+this length; upon delivery, long lines are reconstructed.
+.SH lmdb_map_size (default: 16777216)
+The initial OpenLDAP LMDB database size limit in bytes. Each time
+a database becomes full, its size limit is doubled.
+.PP
+This feature is available in Postfix 2.11 and later.
+.SH lmtp_address_preference (default: ipv6)
+The LMTP\-specific version of the smtp_address_preference
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH lmtp_address_verify_target (default: rcpt)
+The LMTP\-specific version of the smtp_address_verify_target
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH lmtp_assume_final (default: no)
+When a remote LMTP server announces no DSN support, assume that
+the
+server performs final delivery, and send "delivered" delivery status
+notifications instead of "relayed". The default setting is backwards
+compatible to avoid the infinitesimal possibility of breaking
+existing LMTP\-based content filters.
+.SH lmtp_balance_inet_protocols (default: yes)
+The LMTP\-specific version of the smtp_balance_inet_protocols
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 3.3 and later.
+.SH lmtp_bind_address (default: empty)
+The LMTP\-specific version of the smtp_bind_address configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_bind_address6 (default: empty)
+The LMTP\-specific version of the smtp_bind_address6 configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_bind_address_enforce (default: empty)
+The LMTP\-specific version of the smtp_bind_address_enforce
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 3.7 and later.
+.SH lmtp_body_checks (default: empty)
+The LMTP\-specific version of the smtp_body_checks configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH lmtp_cache_connection (default: yes)
+Keep Postfix LMTP client connections open for up to $max_idle
+seconds. When the LMTP client receives a request for the same
+connection the connection is reused.
+.PP
+This parameter is available in Postfix version 2.2 and earlier.
+With Postfix version 2.3 and later, see lmtp_connection_cache_on_demand,
+lmtp_connection_cache_destinations, or lmtp_connection_reuse_time_limit.
+.PP
+The effectiveness of cached connections will be determined by the
+number of remote LMTP servers in use, and the concurrency limit specified
+for the Postfix LMTP client. Cached connections are closed under any of
+the following conditions:
+.IP \(bu
+The Postfix LMTP client idle time limit is reached. This limit is
+specified with the Postfix max_idle configuration parameter.
+.IP \(bu
+A delivery request specifies a different destination than the
+one currently cached.
+.IP \(bu
+The per\-process limit on the number of delivery requests is
+reached. This limit is specified with the Postfix max_use
+configuration parameter.
+.IP \(bu
+Upon the onset of another delivery request, the remote LMTP server
+associated with the current session does not respond to the RSET
+command.
+.br
+.PP
+Most of these limitations have been with the Postfix
+connection cache that is shared among multiple LMTP client
+programs.
+.SH lmtp_cname_overrides_servername (default: yes)
+The LMTP\-specific version of the smtp_cname_overrides_servername
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_connect_timeout (default: 0s)
+The Postfix LMTP client time limit for completing a TCP connection, or
+zero (use the operating system built\-in time limit). When no
+connection can be made within the deadline, the LMTP client tries
+the next address on the mail exchanger list.
+.PP
+Specify a non\-negative time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+lmtp_connect_timeout = 30s
+.fi
+.ad
+.ft R
+.SH lmtp_connection_cache_destinations (default: empty)
+The LMTP\-specific version of the smtp_connection_cache_destinations
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_connection_cache_on_demand (default: yes)
+The LMTP\-specific version of the smtp_connection_cache_on_demand
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_connection_cache_time_limit (default: 2s)
+The LMTP\-specific version of the
+smtp_connection_cache_time_limit configuration parameter.
+See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_connection_reuse_count_limit (default: 0)
+The LMTP\-specific version of the smtp_connection_reuse_count_limit
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.11 and later.
+.SH lmtp_connection_reuse_time_limit (default: 300s)
+The LMTP\-specific version of the smtp_connection_reuse_time_limit
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_data_done_timeout (default: 600s)
+The Postfix LMTP client time limit for sending the LMTP ".",
+and for receiving the remote LMTP server response. When no response
+is received within the deadline, a warning is logged that the mail
+may be delivered multiple times.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH lmtp_data_init_timeout (default: 120s)
+The Postfix LMTP client time limit for sending the LMTP DATA command,
+and
+for receiving the remote LMTP server response.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH lmtp_data_xfer_timeout (default: 180s)
+The Postfix LMTP client time limit for sending the LMTP message
+content.
+When the connection stalls for more than $lmtp_data_xfer_timeout
+the LMTP client terminates the transfer.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH lmtp_defer_if_no_mx_address_found (default: no)
+The LMTP\-specific version of the smtp_defer_if_no_mx_address_found
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_delivery_status_filter (default: empty)
+The LMTP\-specific version of the smtp_delivery_status_filter
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH lmtp_destination_concurrency_limit (default: $default_destination_concurrency_limit)
+The maximal number of parallel deliveries to the same destination
+via the lmtp message delivery transport. This limit is enforced by
+the queue manager. The message delivery transport name is the first
+field in the entry in the master.cf file.
+.SH lmtp_destination_recipient_limit (default: $default_destination_recipient_limit)
+The maximal number of recipients per message for the lmtp
+message delivery transport. This limit is enforced by the queue
+manager. The message delivery transport name is the first field in
+the entry in the master.cf file.
+.PP
+Setting this parameter to a value of 1 changes the meaning of
+lmtp_destination_concurrency_limit from concurrency per domain into
+concurrency per recipient.
+.SH lmtp_discard_lhlo_keyword_address_maps (default: empty)
+Lookup tables, indexed by the remote LMTP server address, with
+case insensitive lists of LHLO keywords (pipelining, starttls,
+auth, etc.) that the Postfix LMTP client will ignore in the LHLO
+response
+from a remote LMTP server. See lmtp_discard_lhlo_keywords for
+details. The table is not indexed by hostname for consistency with
+smtpd_discard_ehlo_keyword_address_maps.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_discard_lhlo_keywords (default: empty)
+A case insensitive list of LHLO keywords (pipelining, starttls,
+auth, etc.) that the Postfix LMTP client will ignore in the LHLO
+response
+from a remote LMTP server.
+.PP
+This feature is available in Postfix 2.3 and later.
+.PP
+Notes:
+.IP \(bu
+Specify the \fBsilent\-discard\fR pseudo keyword to prevent
+this action from being logged.
+.IP \(bu
+Use the lmtp_discard_lhlo_keyword_address_maps feature to
+discard LHLO keywords selectively.
+.br
+.SH lmtp_dns_reply_filter (default: empty)
+Optional filter for Postfix LMTP client DNS lookup results.
+See smtp_dns_reply_filter for details including an example.
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH lmtp_dns_resolver_options (default: empty)
+The LMTP\-specific version of the smtp_dns_resolver_options
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH lmtp_dns_support_level (default: empty)
+The LMTP\-specific version of the smtp_dns_support_level
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.11 and later.
+.SH lmtp_enforce_tls (default: no)
+The LMTP\-specific version of the smtp_enforce_tls configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_fallback_relay (default: empty)
+Optional list of relay hosts for LMTP destinations that can't be
+found or that are unreachable. In main.cf elements are separated by
+whitespace or commas.
+.PP
+By default, mail is returned to the sender when a destination is not
+found, and delivery is deferred when a destination is unreachable.
+.PP
+The fallback relays must be TCP destinations, specified without
+a leading "inet:" prefix. Specify a host or host:port. Since MX
+lookups do not apply with LMTP, there is no need to use the "[host]" or
+"[host]:port" forms. If you specify multiple LMTP destinations, Postfix
+will try them in the specified order.
+.PP
+This feature is available in Postfix 3.1 and later.
+.SH lmtp_generic_maps (default: empty)
+The LMTP\-specific version of the smtp_generic_maps configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_header_checks (default: empty)
+The LMTP\-specific version of the smtp_header_checks configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH lmtp_host_lookup (default: dns)
+The LMTP\-specific version of the smtp_host_lookup configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_lhlo_name (default: $myhostname)
+The hostname to send in the LMTP LHLO command.
+.PP
+The default value is the machine hostname. Specify a hostname or
+[ip.add.re.ss] or [ip:v6:add:re::ss].
+.PP
+This information can be specified in the main.cf file for all LMTP
+clients, or it can be specified in the master.cf file for a specific
+client, for example:
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/master.cf:
+ mylmtp ... lmtp \-o lmtp_lhlo_name=foo.bar.com
+.fi
+.ad
+.ft R
+.in -4
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_lhlo_timeout (default: 300s)
+The Postfix LMTP client time limit for sending the LHLO command,
+and for receiving the initial remote LMTP server response.
+.PP
+Time units: s (seconds), m (minutes), h (hours), d (days), w
+(weeks). The default time unit is s (seconds).
+.SH lmtp_line_length_limit (default: 998)
+The LMTP\-specific version of the smtp_line_length_limit
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_mail_timeout (default: 300s)
+The Postfix LMTP client time limit for sending the MAIL FROM command,
+and for receiving the remote LMTP server response.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH lmtp_mime_header_checks (default: empty)
+The LMTP\-specific version of the smtp_mime_header_checks
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH lmtp_min_data_rate (default: 500)
+The LMTP\-specific version of the smtp_min_data_rate configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 3.7 and later.
+.SH lmtp_mx_address_limit (default: 5)
+The LMTP\-specific version of the smtp_mx_address_limit configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_mx_session_limit (default: 2)
+The LMTP\-specific version of the smtp_mx_session_limit configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_nested_header_checks (default: empty)
+The LMTP\-specific version of the smtp_nested_header_checks
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH lmtp_per_record_deadline (default: no)
+The LMTP\-specific version of the smtp_per_record_deadline
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.9 and later.
+.SH lmtp_per_request_deadline (default: no)
+The LMTP\-specific version of the smtp_per_request_deadline
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 3.7 and later.
+.SH lmtp_pix_workaround_delay_time (default: 10s)
+The LMTP\-specific version of the smtp_pix_workaround_delay_time
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_pix_workaround_maps (default: empty)
+The LMTP\-specific version of the smtp_pix_workaround_maps
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.4 and later.
+.SH lmtp_pix_workaround_threshold_time (default: 500s)
+The LMTP\-specific version of the smtp_pix_workaround_threshold_time
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_pix_workarounds (default: empty)
+The LMTP\-specific version of the smtp_pix_workaround
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.4 and later.
+.SH lmtp_quit_timeout (default: 300s)
+The Postfix LMTP client time limit for sending the QUIT command,
+and for receiving the remote LMTP server response.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH lmtp_quote_rfc821_envelope (default: yes)
+The LMTP\-specific version of the smtp_quote_rfc821_envelope
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_randomize_addresses (default: yes)
+The LMTP\-specific version of the smtp_randomize_addresses
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_rcpt_timeout (default: 300s)
+The Postfix LMTP client time limit for sending the RCPT TO command,
+and for receiving the remote LMTP server response.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH lmtp_reply_filter (default: empty)
+The LMTP\-specific version of the smtp_reply_filter
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.7 and later.
+.SH lmtp_rset_timeout (default: 20s)
+The Postfix LMTP client time limit for sending the RSET command,
+and for receiving the remote LMTP server response. The LMTP client
+sends RSET in
+order to finish a recipient address probe, or to verify that a
+cached connection is still alive.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH lmtp_sasl_auth_cache_name (default: empty)
+The LMTP\-specific version of the smtp_sasl_auth_cache_name
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH lmtp_sasl_auth_cache_time (default: 90d)
+The LMTP\-specific version of the smtp_sasl_auth_cache_time
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH lmtp_sasl_auth_enable (default: no)
+Enable SASL authentication in the Postfix LMTP client.
+.SH lmtp_sasl_auth_soft_bounce (default: yes)
+The LMTP\-specific version of the smtp_sasl_auth_soft_bounce
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH lmtp_sasl_mechanism_filter (default: empty)
+The LMTP\-specific version of the smtp_sasl_mechanism_filter
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_sasl_password_maps (default: empty)
+Optional Postfix LMTP client lookup tables with one username:password entry
+per host or domain. If a remote host or domain has no username:password
+entry, then the Postfix LMTP client will not attempt to authenticate
+to the remote host.
+.SH lmtp_sasl_path (default: empty)
+Implementation\-specific information that is passed through to
+the SASL plug\-in implementation that is selected with
+\fBlmtp_sasl_type\fR. Typically this specifies the name of a
+configuration file or rendezvous point.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_sasl_security_options (default: noplaintext, noanonymous)
+SASL security options; as of Postfix 2.3 the list of available
+features depends on the SASL client implementation that is selected
+with \fBlmtp_sasl_type\fR.
+.PP
+The following security features are defined for the \fBcyrus\fR
+client SASL implementation:
+.IP "\fBnoplaintext\fR"
+Disallow authentication methods that use plaintext passwords.
+.br
+.IP "\fBnoactive\fR"
+Disallow authentication methods that are vulnerable to non\-dictionary
+active attacks.
+.br
+.IP "\fBnodictionary\fR"
+Disallow authentication methods that are vulnerable to passive
+dictionary attacks.
+.br
+.IP "\fBnoanonymous\fR"
+Disallow anonymous logins.
+.br
+.br
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+lmtp_sasl_security_options = noplaintext
+.fi
+.ad
+.ft R
+.SH lmtp_sasl_tls_security_options (default: $lmtp_sasl_security_options)
+The LMTP\-specific version of the smtp_sasl_tls_security_options
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_sasl_tls_verified_security_options (default: $lmtp_sasl_tls_security_options)
+The LMTP\-specific version of the
+smtp_sasl_tls_verified_security_options configuration parameter.
+See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_sasl_type (default: cyrus)
+The SASL plug\-in type that the Postfix LMTP client should use
+for authentication. The available types are listed with the
+"\fBpostconf \-A\fR" command.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_send_dummy_mail_auth (default: no)
+The LMTP\-specific version of the smtp_send_dummy_mail_auth
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.9 and later.
+.SH lmtp_send_xforward_command (default: no)
+Send an XFORWARD command to the remote LMTP server when the LMTP LHLO
+server response announces XFORWARD support. This allows an \fBlmtp\fR(8)
+delivery agent, used for content filter message injection, to
+forward the name, address, protocol and HELO name of the original
+client to the content filter and downstream LMTP server.
+Before you change the value to yes, it is best to make sure that
+your content filter supports this command.
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH lmtp_sender_dependent_authentication (default: no)
+The LMTP\-specific version of the smtp_sender_dependent_authentication
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_skip_5xx_greeting (default: yes)
+The LMTP\-specific version of the smtp_skip_5xx_greeting
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_skip_quit_response (default: no)
+Wait for the response to the LMTP QUIT command.
+.SH lmtp_starttls_timeout (default: 300s)
+The LMTP\-specific version of the smtp_starttls_timeout configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_tcp_port (default: 24)
+The default TCP port that the Postfix LMTP client connects to.
+Specify a symbolic name (see \fBservices\fR(5)) or a numeric port.
+.SH lmtp_tls_CAfile (default: empty)
+The LMTP\-specific version of the smtp_tls_CAfile
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_CApath (default: empty)
+The LMTP\-specific version of the smtp_tls_CApath
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_block_early_mail_reply (default: empty)
+The LMTP\-specific version of the smtp_tls_block_early_mail_reply
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.7 and later.
+.SH lmtp_tls_cert_file (default: empty)
+The LMTP\-specific version of the smtp_tls_cert_file
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_chain_files (default: empty)
+The LMTP\-specific version of the smtp_tls_chain_files configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH lmtp_tls_ciphers (default: medium)
+The LMTP\-specific version of the smtp_tls_ciphers configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH lmtp_tls_connection_reuse (default: no)
+The LMTP\-specific version of the smtp_tls_connection_reuse configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH lmtp_tls_dcert_file (default: empty)
+The LMTP\-specific version of the smtp_tls_dcert_file
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_dkey_file (default: $lmtp_tls_dcert_file)
+The LMTP\-specific version of the smtp_tls_dkey_file
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_eccert_file (default: empty)
+The LMTP\-specific version of the smtp_tls_eccert_file configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 2.6 and later, when Postfix is
+compiled and linked with OpenSSL 1.0.0 or later.
+.SH lmtp_tls_eckey_file (default: empty)
+The LMTP\-specific version of the smtp_tls_eckey_file configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 2.6 and later, when Postfix is
+compiled and linked with OpenSSL 1.0.0 or later.
+.SH lmtp_tls_enforce_peername (default: yes)
+The LMTP\-specific version of the smtp_tls_enforce_peername
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_exclude_ciphers (default: empty)
+The LMTP\-specific version of the smtp_tls_exclude_ciphers
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_fingerprint_cert_match (default: empty)
+The LMTP\-specific version of the smtp_tls_fingerprint_cert_match
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH lmtp_tls_fingerprint_digest (default: see "postconf \-d" output)
+The LMTP\-specific version of the smtp_tls_fingerprint_digest
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH lmtp_tls_force_insecure_host_tlsa_lookup (default: no)
+The LMTP\-specific version of the smtp_tls_force_insecure_host_tlsa_lookup
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.11 and later.
+.SH lmtp_tls_key_file (default: $lmtp_tls_cert_file)
+The LMTP\-specific version of the smtp_tls_key_file
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_loglevel (default: 0)
+The LMTP\-specific version of the smtp_tls_loglevel
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_mandatory_ciphers (default: medium)
+The LMTP\-specific version of the smtp_tls_mandatory_ciphers
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_mandatory_exclude_ciphers (default: empty)
+The LMTP\-specific version of the smtp_tls_mandatory_exclude_ciphers
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_mandatory_protocols (default: see postconf \-d output)
+The LMTP\-specific version of the smtp_tls_mandatory_protocols
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_note_starttls_offer (default: no)
+The LMTP\-specific version of the smtp_tls_note_starttls_offer
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_per_site (default: empty)
+The LMTP\-specific version of the smtp_tls_per_site configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_policy_maps (default: empty)
+The LMTP\-specific version of the smtp_tls_policy_maps
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_protocols (default: see postconf \-d output)
+The LMTP\-specific version of the smtp_tls_protocols configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH lmtp_tls_scert_verifydepth (default: 9)
+The LMTP\-specific version of the smtp_tls_scert_verifydepth
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_secure_cert_match (default: nexthop)
+The LMTP\-specific version of the smtp_tls_secure_cert_match
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_security_level (default: empty)
+The LMTP\-specific version of the smtp_tls_security_level configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_servername (default: empty)
+The LMTP\-specific version of the smtp_tls_servername configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH lmtp_tls_session_cache_database (default: empty)
+The LMTP\-specific version of the smtp_tls_session_cache_database
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_session_cache_timeout (default: 3600s)
+The LMTP\-specific version of the smtp_tls_session_cache_timeout
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_trust_anchor_file (default: empty)
+The LMTP\-specific version of the smtp_tls_trust_anchor_file
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.11 and later.
+.SH lmtp_tls_verify_cert_match (default: hostname)
+The LMTP\-specific version of the smtp_tls_verify_cert_match
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_wrappermode (default: no)
+The LMTP\-specific version of the smtp_tls_wrappermode configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH lmtp_use_tls (default: no)
+The LMTP\-specific version of the smtp_use_tls configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH lmtp_xforward_timeout (default: 300s)
+The Postfix LMTP client time limit for sending the XFORWARD command,
+and for receiving the remote LMTP server response.
+.PP
+In case of problems the client does NOT try the next address on
+the mail exchanger list.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH local_command_shell (default: empty)
+Optional shell program for \fBlocal\fR(8) delivery to non\-Postfix commands.
+By default, non\-Postfix commands are executed directly; commands
+are given to the default shell (typically, /bin/sh) only when they
+contain shell meta characters or shell built\-in commands.
+.PP
+"sendmail's restricted shell" (smrsh) is what most people will
+use in order to restrict what programs can be run from e.g. .forward
+files (smrsh is part of the Sendmail distribution).
+.PP
+Note: when a shell program is specified, it is invoked even
+when the command contains no shell built\-in commands or meta
+characters.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+local_command_shell = /some/where/smrsh \-c
+local_command_shell = /bin/bash \-c
+.fi
+.ad
+.ft R
+.SH local_delivery_status_filter (default: $default_delivery_status_filter)
+Optional filter for the \fBlocal\fR(8) delivery agent to change the
+status code or explanatory text of successful or unsuccessful
+deliveries. See default_delivery_status_filter for details.
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH local_destination_concurrency_limit (default: 2)
+The maximal number of parallel deliveries via the local mail
+delivery transport to the same recipient (when
+"local_destination_recipient_limit = 1") or the maximal number of
+parallel deliveries to the same local domain (when
+"local_destination_recipient_limit > 1"). This limit is enforced by
+the queue manager. The message delivery transport name is the first
+field in the entry in the master.cf file.
+.PP
+A low limit of 2 is recommended, just in case someone has an
+expensive shell command in a .forward file or in an alias (e.g.,
+a mailing list manager). You don't want to run lots of those at
+the same time.
+.SH local_destination_recipient_limit (default: 1)
+The maximal number of recipients per message delivery via the
+local mail delivery transport. This limit is enforced by the queue
+manager. The message delivery transport name is the first field in
+the entry in the master.cf file.
+.PP
+Setting this parameter to a value > 1 changes the meaning of
+local_destination_concurrency_limit from concurrency per recipient
+into concurrency per domain.
+.SH local_header_rewrite_clients (default: permit_inet_interfaces)
+Rewrite or add message headers in mail from these clients,
+updating incomplete addresses with the domain name in $myorigin or
+$mydomain, and adding missing headers.
+.PP
+See the append_at_myorigin and append_dot_mydomain parameters
+for details of how domain names are appended to incomplete addresses.
+.PP
+See remote_header_rewrite_domain to optionally rewrite or add
+message headers in mail from other clients.
+.PP
+Specify a list of zero or more of the following:
+.IP "\fBpermit_inet_interfaces\fR"
+Append the domain name in $myorigin or $mydomain when the
+client IP address matches $inet_interfaces. This is enabled by
+default.
+.br
+.IP "\fBpermit_mynetworks\fR"
+Append the domain name in $myorigin or $mydomain when the
+client IP address matches any network or network address listed in
+$mynetworks. This setting will not prevent remote mail header
+address rewriting when mail from a remote client is forwarded by
+a neighboring system.
+.br
+.IP "\fBpermit_sasl_authenticated \fR"
+Append the domain name in $myorigin or $mydomain when the
+client is successfully authenticated via the RFC 4954 (AUTH)
+protocol.
+.br
+.IP "\fBpermit_tls_clientcerts \fR"
+Append the domain name in $myorigin or $mydomain when the
+remote SMTP client TLS certificate fingerprint or public key fingerprint
+(Postfix 2.9 and later) is listed in $relay_clientcerts.
+The fingerprint digest algorithm is configurable via the
+smtpd_tls_fingerprint_digest parameter (hard\-coded as md5 prior to
+Postfix version 2.5).
+.br
+The default algorithm is \fBsha256\fR with Postfix >= 3.6
+and the \fBcompatibility_level\fR set to 3.6 or higher. With Postfix
+<= 3.5, the default algorithm is \fBmd5\fR. The best\-practice
+algorithm is now \fBsha256\fR. Recent advances in hash function
+cryptanalysis have led to md5 and sha1 being deprecated in favor of
+sha256. However, as long as there are no known "second pre\-image"
+attacks against the older algorithms, their use in this context, though
+not recommended, is still likely safe.
+.br
+.IP "\fBpermit_tls_all_clientcerts \fR"
+Append the domain name in $myorigin or $mydomain when the
+remote SMTP client TLS certificate is successfully verified, regardless of
+whether it is listed on the server, and regardless of the certifying
+authority.
+.br
+.IP "\fBcheck_address_map \fItype:table\fR \fR"
+.IP "\fB\fItype:table\fR \fR"
+Append the domain name in $myorigin or $mydomain when the
+client IP address matches the specified lookup table.
+The lookup result is ignored, and no subnet lookup is done. This
+is suitable for, e.g., pop\-before\-smtp lookup tables.
+.br
+.br
+.PP
+Examples:
+.PP
+The Postfix < 2.2 backwards compatible setting: always rewrite
+message headers, and always append my own domain to incomplete
+header addresses.
+.sp
+.in +4
+.nf
+.na
+.ft C
+local_header_rewrite_clients = static:all
+.fi
+.ad
+.ft R
+.in -4
+.PP
+The purist (and default) setting: rewrite headers only in mail
+from Postfix sendmail and in SMTP mail from this machine.
+.sp
+.in +4
+.nf
+.na
+.ft C
+local_header_rewrite_clients = permit_inet_interfaces
+.fi
+.ad
+.ft R
+.in -4
+.PP
+The intermediate setting: rewrite header addresses and append
+$myorigin or $mydomain information only with mail from Postfix
+sendmail, from local clients, or from authorized SMTP clients.
+.PP
+Note: this setting will not prevent remote mail header address
+rewriting when mail from a remote client is forwarded by a neighboring
+system.
+.sp
+.in +4
+.nf
+.na
+.ft C
+local_header_rewrite_clients = permit_mynetworks,
+ permit_sasl_authenticated permit_tls_clientcerts
+ check_address_map hash:/etc/postfix/pop\-before\-smtp
+.fi
+.ad
+.ft R
+.in -4
+.SH local_login_sender_maps (default: static:*)
+A list of lookup tables that are searched by the UNIX login name,
+and that return a list of allowed envelope sender patterns separated
+by space or comma. These sender patterns are enforced by the Postfix
+\fBpostdrop\fR(1) command. The default is backwards\-compatible:
+every user may specify any sender envelope address.
+.PP
+When no UNIX login name is available, the \fBpostdrop\fR(1) command will
+prepend "\fBuid:\fR" to the numerical UID and use that instead.
+.PP
+This feature ignores address extensions in the user\-specified
+envelope sender address.
+.PP
+The following sender patterns are special; these cannot be used
+as part of a longer pattern.
+.IP "\fB * \fR
+This pattern allows any envelope sender address.
+.br
+.IP "\fB <> \fR"
+This pattern allows the empty
+envelope sender address. See the
+empty_address_local_login_sender_maps_lookup_key configuration
+parameter.
+.br
+.IP "\fB @\fR\fIdomain\fR"
+This pattern allows an
+envelope sender address when the '\fB@\fR' and \fIdomain\fR part
+match.
+.br
+.br
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ # Allow root and postfix full control, anyone else can only
+ # send mail as themselves. Use "uid:" followed by the numerical
+ # UID when the UID has no entry in the UNIX password file.
+ local_login_sender_maps =
+ inline:{ { root = * }, { postfix = * } },
+ pcre:/etc/postfix/login_senders
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/login_senders:
+ # Allow both the bare username and the user@domain forms.
+ /(.+)/ $1 $1@example.com
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 3.6 and later.
+.SH local_recipient_maps (default: proxy:unix:passwd.byname $alias_maps)
+Lookup tables with all names or addresses of local recipients:
+a recipient address is local when its domain matches $mydestination,
+$inet_interfaces or $proxy_interfaces. Specify @domain as a
+wild\-card for domains that do not have a valid recipient list.
+Technically, tables listed with $local_recipient_maps are used as
+lists: Postfix needs to know only if a lookup string is found or
+not, but it does not use the result from table lookup.
+.PP
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+.PP
+If this parameter is non\-empty (the default), then the Postfix SMTP
+server will reject mail for unknown local users.
+.PP
+To turn off local recipient checking in the Postfix SMTP server,
+specify "local_recipient_maps =" (i.e. empty).
+.PP
+The default setting assumes that you use the default Postfix local
+delivery agent for local delivery. You need to update the
+local_recipient_maps setting if:
+.IP \(bu
+You redefine the local delivery agent in master.cf.
+.IP \(bu
+You redefine the "local_transport" setting in main.cf.
+.IP \(bu
+You use the "luser_relay", "mailbox_transport", or "fallback_transport"
+feature of the Postfix \fBlocal\fR(8) delivery agent.
+.br
+.PP
+Details are described in the LOCAL_RECIPIENT_README file.
+.PP
+Beware: if the Postfix SMTP server runs chrooted, you need to access
+the passwd file via the \fBproxymap\fR(8) service, in order to overcome
+chroot access restrictions. The alternative, maintaining a copy of
+the system password file in the chroot jail is not practical.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+local_recipient_maps =
+.fi
+.ad
+.ft R
+.SH local_transport (default: local:$myhostname)
+The default mail delivery transport and next\-hop destination
+for final delivery to domains listed with mydestination, and for
+[ipaddress] destinations that match $inet_interfaces or $proxy_interfaces.
+This information can be overruled with the \fBtransport\fR(5) table.
+.PP
+By default, local mail is delivered to the transport called "local",
+which is just the name of a service that is defined the master.cf file.
+.PP
+Specify a string of the form \fItransport:nexthop\fR, where \fItransport\fR
+is the name of a mail delivery transport defined in master.cf.
+The \fI:nexthop\fR destination is optional; its syntax is documented
+in the manual page of the corresponding delivery agent.
+.PP
+Beware: if you override the default local delivery agent then you
+need to review the LOCAL_RECIPIENT_README document, otherwise the
+SMTP server may reject mail for local recipients.
+.SH luser_relay (default: empty)
+Optional catch\-all destination for unknown \fBlocal\fR(8) recipients.
+By default, mail for unknown recipients in domains that match
+$mydestination, $inet_interfaces or $proxy_interfaces is returned
+as undeliverable.
+.PP
+The luser_relay value is not subject to Postfix configuration
+parameter $name expansion. Instead, the following $name expansions
+are done:
+.IP "\fB$domain\fR"
+The recipient domain.
+.br
+.IP "\fB$extension\fR"
+The recipient address extension.
+.br
+.IP "\fB$home\fR"
+The recipient's home directory.
+.br
+.IP "\fB$local\fR"
+The entire recipient address localpart.
+.br
+.IP "\fB$recipient\fR"
+The full recipient address.
+.br
+.IP "\fB$recipient_delimiter\fR"
+The address extension delimiter that was found in the recipient
+address (Postfix 2.11 and later), or the system\-wide recipient
+address extension delimiter (Postfix 2.10 and earlier).
+.br
+.IP "\fB$shell\fR"
+The recipient's login shell.
+.br
+.IP "\fB$user\fR"
+The recipient username.
+.br
+.IP "\fB${name?value}\fR"
+.IP "\fB${name?{value}}\fR (Postfix >= 3.0)"
+Expands to \fIvalue\fR when \fI$name\fR is non\-empty.
+.br
+.IP "\fB${name:value}\fR"
+.IP "\fB${name:{value}}\fR (Postfix >= 3.0)"
+Expands to \fIvalue\fR when \fI$name\fR is empty.
+.br
+.IP "\fB${name?{value1}:{value2}}\fR (Postfix >= 3.0)"
+Expands to \fIvalue1\fR when \fI$name\fR is non\-empty,
+\fIvalue2\fR otherwise.
+.br
+.br
+.PP
+Instead of $name you can also specify ${name} or $(name).
+.PP
+Note: luser_relay works only for the Postfix \fBlocal\fR(8) delivery agent.
+.PP
+Note: if you use this feature for accounts not in the UNIX password
+file, then you must specify "local_recipient_maps =" (i.e. empty)
+in the main.cf file, otherwise the Postfix SMTP server will reject mail
+for non\-UNIX accounts with "User unknown in local recipient table".
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+luser_relay = $user@other.host
+luser_relay = $local@other.host
+luser_relay = admin+$local
+.fi
+.ad
+.ft R
+.SH mail_name (default: Postfix)
+The mail system name that is displayed in Received: headers, in
+the SMTP greeting banner, and in bounced mail.
+.SH mail_owner (default: postfix)
+The UNIX system account that owns the Postfix queue and most Postfix
+daemon processes. Specify the name of an unprivileged user account
+that does not share a user or group ID with other accounts, and that
+owns no other files
+or processes on the system. In particular, don't specify nobody
+or daemon. PLEASE USE A DEDICATED USER ID AND GROUP ID.
+.PP
+When this parameter value is changed you need to re\-run "\fBpostfix
+set\-permissions\fR" (with Postfix version 2.0 and earlier:
+"\fB/etc/postfix/post\-install set\-permissions\fR".
+.SH mail_release_date (default: see "postconf \-d" output)
+The Postfix release date, in "YYYYMMDD" format.
+.SH mail_spool_directory (default: see "postconf \-d" output)
+The directory where \fBlocal\fR(8) UNIX\-style mailboxes are kept. The
+default setting depends on the system type. Specify a name ending
+in / for maildir\-style delivery.
+.PP
+Note: maildir delivery is done with the privileges of the recipient.
+If you use the mail_spool_directory setting for maildir style
+delivery, then you must create the top\-level maildir directory in
+advance. Postfix will not create it.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+mail_spool_directory = /var/mail
+mail_spool_directory = /var/spool/mail
+.fi
+.ad
+.ft R
+.SH mail_version (default: see "postconf \-d" output)
+The version of the mail system. Stable releases are named
+\fImajor\fR.\fIminor\fR.\fIpatchlevel\fR. Experimental releases
+also include the release date. The version string can be used in,
+for example, the SMTP greeting banner.
+.SH mailbox_command (default: empty)
+Optional external command that the \fBlocal\fR(8) delivery agent should
+use for mailbox delivery. The command is run with the user ID and
+the primary group ID privileges of the recipient. Exception:
+command delivery for root executes with $default_privs privileges.
+This is not a problem, because 1) mail for root should always be
+aliased to a real user and 2) don't log in as root, use "su" instead.
+.PP
+The following environment variables are exported to the command:
+.IP "\fBCLIENT_ADDRESS\fR"
+Remote client network address. Available in Postfix version 2.2 and
+later.
+.br
+.IP "\fBCLIENT_HELO\fR"
+Remote client EHLO command parameter. Available in Postfix version 2.2
+and later.
+.br
+.IP "\fBCLIENT_HOSTNAME\fR"
+Remote client hostname. Available in Postfix version 2.2 and later.
+.br
+.IP "\fBCLIENT_PROTOCOL\fR"
+Remote client protocol. Available in Postfix version 2.2 and later.
+.br
+.IP "\fBDOMAIN\fR"
+The domain part of the recipient address.
+.br
+.IP "\fBEXTENSION\fR"
+The optional address extension.
+.br
+.IP "\fBHOME\fR"
+The recipient home directory.
+.br
+.IP "\fBLOCAL\fR"
+The recipient address localpart.
+.br
+.IP "\fBLOGNAME\fR"
+The recipient's username.
+.br
+.IP "\fBORIGINAL_RECIPIENT\fR"
+The entire recipient address, before any address rewriting or
+aliasing.
+.br
+.IP "\fBRECIPIENT\fR"
+The full recipient address.
+.br
+.IP "\fBSASL_METHOD\fR"
+SASL authentication method specified in the remote client AUTH
+command. Available in Postfix version 2.2 and later.
+.br
+.IP "\fBSASL_SENDER\fR"
+SASL sender address specified in the remote client MAIL FROM
+command. Available in Postfix version 2.2 and later.
+.br
+.IP "\fBSASL_USER\fR"
+SASL username specified in the remote client AUTH command.
+Available in Postfix version 2.2 and later.
+.br
+.IP "\fBSENDER\fR"
+The full sender address.
+.br
+.IP "\fBSHELL\fR"
+The recipient's login shell.
+.br
+.IP "\fBUSER\fR"
+The recipient username.
+.br
+.br
+.PP
+Unlike other Postfix configuration parameters, the mailbox_command
+parameter is not subjected to $name substitutions. This is to make
+it easier to specify shell syntax (see example below).
+.PP
+If you can, avoid shell meta characters because they will force
+Postfix to run an expensive shell process. If you're delivering
+via "procmail" then running a shell won't make a noticeable difference
+in the total cost.
+.PP
+Note: if you use the mailbox_command feature to deliver mail
+system\-wide, you must set up an alias that forwards mail for root
+to a real user.
+.PP
+The precedence of \fBlocal\fR(8) delivery features from high to low
+is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
+mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
+fallback_transport_maps, fallback_transport and luser_relay.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+mailbox_command = /some/where/procmail
+mailbox_command = /some/where/procmail \-a "$EXTENSION"
+mailbox_command = /some/where/maildrop \-d "$USER"
+ \-f "$SENDER" "$EXTENSION"
+.fi
+.ad
+.ft R
+.SH mailbox_command_maps (default: empty)
+Optional lookup tables with per\-recipient external commands to use
+for \fBlocal\fR(8) mailbox delivery. Behavior is as with mailbox_command.
+.PP
+The precedence of \fBlocal\fR(8) delivery features from high to low
+is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
+mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
+fallback_transport_maps, fallback_transport and luser_relay.
+.PP
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+.SH mailbox_delivery_lock (default: see "postconf \-d" output)
+How to lock a UNIX\-style \fBlocal\fR(8) mailbox before attempting delivery.
+For a list of available file locking methods, use the "\fBpostconf
+\-l\fR" command.
+.PP
+This setting is ignored with \fBmaildir\fR style delivery,
+because such deliveries are safe without explicit locks.
+.PP
+Note: The \fBdotlock\fR method requires that the recipient UID or
+GID has write access to the parent directory of the mailbox file.
+.PP
+Note: the default setting of this parameter is system dependent.
+.SH mailbox_size_limit (default: 51200000)
+The maximal size of any \fBlocal\fR(8) individual mailbox or maildir
+file, or zero (no limit). In fact, this limits the size of any
+file that is written to upon local delivery, including files written
+by external commands that are executed by the \fBlocal\fR(8) delivery
+agent. The value cannot exceed LONG_MAX (typically, a 32\-bit or
+64\-bit signed integer).
+.PP
+This limit must not be smaller than the message size limit.
+.SH mailbox_transport (default: empty)
+Optional message delivery transport that the \fBlocal\fR(8) delivery
+agent should use for mailbox delivery to all local recipients,
+whether or not they are found in the UNIX passwd database.
+.PP
+The precedence of \fBlocal\fR(8) delivery features from high to low
+is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
+mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
+fallback_transport_maps, fallback_transport and luser_relay.
+.SH mailbox_transport_maps (default: empty)
+Optional lookup tables with per\-recipient message delivery
+transports to use for \fBlocal\fR(8) mailbox delivery, whether or not the
+recipients are found in the UNIX passwd database.
+.PP
+The precedence of \fBlocal\fR(8) delivery features from high to low
+is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
+mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
+fallback_transport_maps, fallback_transport and luser_relay.
+.PP
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+.PP
+For safety reasons, this feature does not allow $number
+substitutions in regular expression maps.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH maillog_file (default: empty)
+The name of an optional logfile that is written by the Postfix
+\fBpostlogd\fR(8) service. An empty value selects logging to \fBsyslogd\fR(8).
+Specify "/dev/stdout" to select logging to standard output. Stdout
+logging requires that Postfix is started with "postfix start\-fg".
+.PP
+Note 1: The maillog_file parameter value must contain a prefix
+that is specified with the maillog_file_prefixes parameter.
+.PP
+Note 2: Some Postfix non\-daemon programs may still log information
+to \fBsyslogd\fR(8), before they have processed their configuration
+parameters and command\-line options.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH maillog_file_compressor (default: gzip)
+The program to run after rotating $maillog_file with "postfix
+logrotate". The command is run with the rotated logfile name as its
+first argument.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH maillog_file_prefixes (default: /var, /dev/stdout)
+A list of allowed prefixes for a maillog_file value. This is a
+safety feature to contain the damage from a single configuration
+mistake. Specify one or more prefix strings, separated by comma or
+whitespace.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH maillog_file_rotate_suffix (default: %Y%m%d\-%H%M%S)
+The format of the suffix to append to $maillog_file while rotating
+the file with "postfix logrotate". See \fBstrftime\fR(3) for syntax. The
+default suffix, YYYYMMDD\-HHMMSS, allows logs to be rotated frequently.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH mailq_path (default: see "postconf \-d" output)
+Sendmail compatibility feature that specifies where the Postfix
+\fBmailq\fR(1) command is installed. This command can be used to
+list the Postfix mail queue.
+.SH manpage_directory (default: see "postconf \-d" output)
+Where the Postfix manual pages are installed.
+.SH maps_rbl_domains (default: empty)
+Obsolete feature: use the reject_rbl_client feature instead.
+.SH maps_rbl_reject_code (default: 554)
+The numerical Postfix SMTP server response code when a remote SMTP
+client request is blocked by the reject_rbl_client, reject_rhsbl_client,
+reject_rhsbl_reverse_client, reject_rhsbl_sender or
+reject_rhsbl_recipient restriction.
+.PP
+Do not change this unless you have a complete understanding of RFC 5321.
+.SH masquerade_classes (default: envelope_sender, header_sender, header_recipient)
+What addresses are subject to address masquerading.
+.PP
+By default, address masquerading is limited to envelope sender
+addresses, and to header sender and header recipient addresses.
+This allows you to use address masquerading on a mail gateway while
+still being able to forward mail to users on individual machines.
+.PP
+Specify zero or more of: envelope_sender, envelope_recipient,
+header_sender, header_recipient
+.SH masquerade_domains (default: empty)
+Optional list of domains whose subdomain structure will be stripped
+off in email addresses.
+.PP
+The list is processed left to right, and processing stops at the
+first match. Thus,
+.sp
+.in +4
+.nf
+.na
+.ft C
+masquerade_domains = foo.example.com example.com
+.fi
+.ad
+.ft R
+.in -4
+.PP
+strips "user@any.thing.foo.example.com" to "user@foo.example.com",
+but strips "user@any.thing.else.example.com" to "user@example.com".
+.PP
+A domain name prefixed with ! means do not masquerade this domain
+or its subdomains. Thus,
+.sp
+.in +4
+.nf
+.na
+.ft C
+masquerade_domains = !foo.example.com example.com
+.fi
+.ad
+.ft R
+.in -4
+.PP
+does not change "user@any.thing.foo.example.com" or "user@foo.example.com",
+but strips "user@any.thing.else.example.com" to "user@example.com".
+.PP
+Note: with Postfix version 2.2, message header address masquerading
+happens only when message header address rewriting is enabled:
+.IP \(bu
+The message is received with the Postfix \fBsendmail\fR(1) command,
+.IP \(bu
+The message is received from a network client that matches
+$local_header_rewrite_clients,
+.IP \(bu
+The message is received from the network, and the
+remote_header_rewrite_domain parameter specifies a non\-empty value.
+.br
+.PP
+To get the behavior before Postfix version 2.2, specify
+"local_header_rewrite_clients = static:all".
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+masquerade_domains = $mydomain
+.fi
+.ad
+.ft R
+.SH masquerade_exceptions (default: empty)
+Optional list of user names that are not subjected to address
+masquerading, even when their addresses match $masquerade_domains.
+.PP
+By default, address masquerading makes no exceptions.
+.PP
+Specify a list of user names, "/file/name" or "type:table" patterns,
+separated by commas and/or whitespace. The list is matched left to
+right, and the search stops on the first match. A "/file/name"
+pattern is replaced
+by its contents; a "type:table" lookup table is matched when a name
+matches a lookup key (the lookup result is ignored). Continue long
+lines by starting the next line with whitespace. Specify "!pattern"
+to exclude a name from the list. The form "!/file/name" is supported
+only in Postfix version 2.4 and later.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+masquerade_exceptions = root, mailer\-daemon
+masquerade_exceptions = root
+.fi
+.ad
+.ft R
+.SH master_service_disable (default: empty)
+Selectively disable \fBmaster\fR(8) listener ports by service type
+or by service name and type. Specify a list of service types
+("inet", "unix", "fifo", or "pass") or "name/type" tuples, where
+"name" is the first field of a master.cf entry and "type" is a
+service type. As with other Postfix matchlists, a search stops at
+the first match. Specify "!pattern" to exclude a service from the
+list. By default, all \fBmaster\fR(8) listener ports are enabled.
+.PP
+Note: this feature does not support "/file/name" or "type:table"
+patterns, nor does it support wildcards such as "*" or "all". This
+is intentional.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+# With Postfix 2.6..2.10 use '.' instead of '/'.
+# Turn on all \fBmaster\fR(8) listener ports (the default).
+master_service_disable =
+# Turn off only the main SMTP listener port.
+master_service_disable = smtp/inet
+# Turn off all TCP/IP listener ports.
+master_service_disable = inet
+# Turn off all TCP/IP listener ports except "foo".
+master_service_disable = !foo/inet, inet
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH max_idle (default: 100s)
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily. This
+parameter
+is ignored by the Postfix queue manager and by other long\-lived
+Postfix daemon processes.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH max_use (default: 100)
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily. This parameter
+is ignored by the Postfix queue
+manager and by other long\-lived Postfix daemon processes.
+.SH maximal_backoff_time (default: 4000s)
+The maximal time between attempts to deliver a deferred message.
+.PP
+This parameter should be set to a value greater than or equal
+to $minimal_backoff_time. See also $queue_run_delay.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH maximal_queue_lifetime (default: 5d)
+Consider a message as undeliverable, when delivery fails with a
+temporary error, and the time in the queue has reached the
+maximal_queue_lifetime limit.
+.PP
+Specify a non\-negative time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is d (days).
+.PP
+Specify 0 when mail delivery should be tried only once.
+.SH message_drop_headers (default: bcc, content\-length, resent\-bcc, return\-path)
+Names of message headers that the \fBcleanup\fR(8) daemon will remove
+after applying \fBheader_checks\fR(5) and before invoking Milter applications.
+The default setting is compatible with Postfix < 3.0.
+.PP
+Specify a list of header names, separated by comma or space.
+Names are matched in a case\-insensitive manner. The list of supported
+header names is limited only by available memory.
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH message_reject_characters (default: empty)
+The set of characters that Postfix will reject in message
+content. The usual C\-like escape sequences are recognized: \ea
+\eb \ef \en \er \et \ev \e\fIddd\fR (up to three octal digits) and
+\e\e.
+.PP
+Note 1: this feature does not recognize text that requires MIME
+decoding. It inspects raw message content, just like header_checks
+and body_checks.
+.PP
+Note 2: this feature is disabled with "receive_override_options
+= no_header_body_checks".
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+message_reject_characters = \e0
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH message_size_limit (default: 10240000)
+The maximal size in bytes of a message, including envelope information.
+The value cannot exceed LONG_MAX (typically, a 32\-bit or 64\-bit
+signed integer).
+.PP
+Note: be careful when making changes. Excessively small values
+will result in the loss of non\-delivery notifications, when a bounce
+message size exceeds the local or remote MTA's message size limit.
+.SH message_strip_characters (default: empty)
+The set of characters that Postfix will remove from message
+content. The usual C\-like escape sequences are recognized: \ea
+\eb \ef \en \er \et \ev \e\fIddd\fR (up to three octal digits) and
+\e\e.
+.PP
+Note 1: this feature does not recognize text that requires MIME
+decoding. It inspects raw message content, just like header_checks
+and body_checks.
+.PP
+Note 2: this feature is disabled with "receive_override_options
+= no_header_body_checks".
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+message_strip_characters = \e0
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH meta_directory (default: see 'postconf \-d' output)
+The location of non\-executable files that are shared among
+multiple Postfix instances, such as postfix\-files, dynamicmaps.cf,
+and the multi\-instance template files main.cf.proto and master.cf.proto.
+This directory should contain only Postfix\-related files. Typically,
+the meta_directory parameter has the same default as the config_directory
+parameter (/etc/postfix or /usr/local/etc/postfix).
+.PP
+For backwards compatibility with Postfix versions 2.6..2.11,
+specify "meta_directory = $daemon_directory" in main.cf before
+installing or upgrading Postfix, or specify "meta_directory =
+/path/name" on the "make makefiles", "make install" or "make upgrade"
+command line.
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH milter_command_timeout (default: 30s)
+The time limit for sending an SMTP command to a Milter (mail
+filter) application, and for receiving the response.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH milter_connect_macros (default: see "postconf \-d" output)
+The macros that are sent to Milter (mail filter) applications
+after completion of an SMTP connection. See MILTER_README
+for a list of available macro names and their meanings.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH milter_connect_timeout (default: 30s)
+The time limit for connecting to a Milter (mail filter)
+application, and for negotiating protocol options.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH milter_content_timeout (default: 300s)
+The time limit for sending message content to a Milter (mail
+filter) application, and for receiving the response.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH milter_data_macros (default: see "postconf \-d" output)
+The macros that are sent to version 4 or higher Milter (mail
+filter) applications after the SMTP DATA command. See MILTER_README
+for a list of available macro names and their meanings.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH milter_default_action (default: tempfail)
+The default action when a Milter (mail filter) response is
+unavailable (for example, bad Postfix configuration or Milter
+failure). Specify one of the following:
+.IP "accept"
+Proceed as if the mail filter was not present.
+.br
+.IP "reject"
+Reject all further commands in this session
+with a permanent status code.
+.br
+.IP "tempfail"
+Reject all further commands in this session
+with a temporary status code.
+.br
+.IP "quarantine"
+Like "accept", but freeze the message in
+the "hold" queue. Available with Postfix 2.6 and later.
+.br
+.br
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH milter_end_of_data_macros (default: see "postconf \-d" output)
+The macros that are sent to Milter (mail filter) applications
+after the message end\-of\-data. See MILTER_README for a list of
+available macro names and their meanings.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH milter_end_of_header_macros (default: see "postconf \-d" output)
+The macros that are sent to Milter (mail filter) applications
+after the end of the message header. See MILTER_README for a list
+of available macro names and their meanings.
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH milter_header_checks (default: empty)
+Optional lookup tables for content inspection of message headers
+that are produced by Milter applications. See the \fBheader_checks\fR(5)
+manual page available actions. Currently, PREPEND is not implemented.
+.PP
+The following example sends all mail that is marked as SPAM to
+a spam handling machine. Note that matches are case\-insensitive
+by default.
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ milter_header_checks = pcre:/etc/postfix/milter_header_checks
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/milter_header_checks:
+ /^X\-SPAM\-FLAG:\es+YES/ FILTER mysmtp:sanitizer.example.com:25
+.fi
+.ad
+.ft R
+.PP
+The milter_header_checks mechanism could also be used for
+allowlisting. For example it could be used to skip heavy content
+inspection for DKIM\-signed mail from known friendly domains.
+.PP
+This feature is available in Postfix 2.7, and as an optional
+patch for Postfix 2.6.
+.SH milter_helo_macros (default: see "postconf \-d" output)
+The macros that are sent to Milter (mail filter) applications
+after the SMTP HELO or EHLO command. See
+MILTER_README for a list of available macro names and their meanings.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH milter_macro_daemon_name (default: $myhostname)
+The {daemon_name} macro value for Milter (mail filter) applications.
+See MILTER_README for a list of available macro names and their
+meanings.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH milter_macro_defaults (default: empty)
+Optional list of \fIname=value\fR pairs that specify default
+values for arbitrary macros that Postfix may send to Milter
+applications. These defaults are used when there is no corresponding
+information from the message delivery context.
+.PP
+Specify \fIname=value\fR or \fI{name=value}\fR pairs separated
+by comma or whitespace. Enclose a pair in "{}" when a value contains
+comma or whitespace (this form ignores whitespace after the enclosing
+"{", around the "=", and before the enclosing "}").
+.PP
+This feature is available in Postfix 3.1 and later.
+.SH milter_macro_v (default: $mail_name $mail_version)
+The {v} macro value for Milter (mail filter) applications.
+See MILTER_README for a list of available macro names and their
+meanings.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH milter_mail_macros (default: see "postconf \-d" output)
+The macros that are sent to Milter (mail filter) applications
+after the SMTP MAIL FROM command. See MILTER_README
+for a list of available macro names and their meanings.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH milter_protocol (default: 6)
+The mail filter protocol version and optional protocol extensions
+for communication with a Milter application; prior to Postfix 2.6
+the default protocol is 2. Postfix
+sends this version number during the initial protocol handshake.
+It should match the version number that is expected by the mail
+filter application (or by its Milter library).
+.PP
+Protocol versions:
+.IP "2"
+Use Sendmail 8 mail filter protocol version 2 (default
+with Sendmail version 8.11 .. 8.13 and Postfix version 2.3 ..
+2.5).
+.br
+.IP "3"
+Use Sendmail 8 mail filter protocol version 3.
+.br
+.IP "4"
+Use Sendmail 8 mail filter protocol version 4.
+.br
+.IP "6"
+Use Sendmail 8 mail filter protocol version 6 (default
+with Sendmail version 8.14 and Postfix version 2.6).
+.br
+.br
+.PP
+Protocol extensions:
+.IP "no_header_reply"
+Specify this when the Milter application
+will not reply for each individual message header.
+.br
+.br
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH milter_rcpt_macros (default: see "postconf \-d" output)
+The macros that are sent to Milter (mail filter) applications
+after the SMTP RCPT TO command. See MILTER_README
+for a list of available macro names and their meanings.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH milter_unknown_command_macros (default: see "postconf \-d" output)
+The macros that are sent to version 3 or higher Milter (mail
+filter) applications after an unknown SMTP command. See MILTER_README
+for a list of available macro names and their meanings.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH mime_boundary_length_limit (default: 2048)
+The maximal length of MIME multipart boundary strings. The MIME
+processor is unable to distinguish between boundary strings that
+do not differ in the first $mime_boundary_length_limit characters.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH mime_header_checks (default: $header_checks)
+Optional lookup tables for content inspection of MIME related
+message headers, as described in the \fBheader_checks\fR(5) manual page.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH mime_nesting_limit (default: 100)
+The maximal recursion level that the MIME processor will handle.
+Postfix refuses mail that is nested deeper than the specified limit.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH minimal_backoff_time (default: 300s)
+The minimal time between attempts to deliver a deferred message;
+prior to Postfix 2.4 the default value was 1000s.
+.PP
+This parameter also limits the time an unreachable destination is
+kept in the short\-term, in\-memory, destination status cache.
+.PP
+This parameter should be set greater than or equal to
+$queue_run_delay. See also $maximal_backoff_time.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH multi_instance_directories (default: empty)
+An optional list of non\-default Postfix configuration directories;
+these directories belong to additional Postfix instances that share
+the Postfix executable files and documentation with the default
+Postfix instance, and that are started, stopped, etc., together
+with the default Postfix instance. Specify a list of pathnames
+separated by comma or whitespace.
+.PP
+When $multi_instance_directories is empty, the \fBpostfix\fR(1) command
+runs in single\-instance mode and operates on a single Postfix
+instance only. Otherwise, the \fBpostfix\fR(1) command runs in multi\-instance
+mode and invokes the multi\-instance manager specified with the
+multi_instance_wrapper parameter. The multi\-instance manager in
+turn executes \fBpostfix\fR(1) commands for the default instance and for
+all Postfix instances in $multi_instance_directories.
+.PP
+Currently, this parameter setting is ignored except for the
+default main.cf file.
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH multi_instance_enable (default: no)
+Allow this Postfix instance to be started, stopped, etc., by a
+multi\-instance manager. By default, new instances are created in
+a safe state that prevents them from being started inadvertently.
+This parameter is reserved for the multi\-instance manager.
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH multi_instance_group (default: empty)
+The optional instance group name of this Postfix instance. A
+group identifies closely\-related Postfix instances that the
+multi\-instance manager can start, stop, etc., as a unit. This
+parameter is reserved for the multi\-instance manager.
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH multi_instance_name (default: empty)
+The optional instance name of this Postfix instance. This name
+becomes also the default value for the syslog_name parameter.
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH multi_instance_wrapper (default: empty)
+The pathname of a multi\-instance manager command that the
+\fBpostfix\fR(1) command invokes when the multi_instance_directories
+parameter value is non\-empty. The pathname may be followed by
+initial command arguments separated by whitespace; shell
+metacharacters such as quotes are not supported in this context.
+.PP
+The \fBpostfix\fR(1) command invokes the manager command with the
+\fBpostfix\fR(1) non\-option command arguments on the manager command line,
+and with all installation configuration parameters exported into
+the manager command process environment. The manager command in
+turn invokes the \fBpostfix\fR(1) command for individual Postfix instances
+as "postfix \-c \fIconfig_directory\fR \fIcommand\fR".
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH multi_recipient_bounce_reject_code (default: 550)
+The numerical Postfix SMTP server response code when a remote SMTP
+client request is blocked by the reject_multi_recipient_bounce
+restriction.
+.PP
+Do not change this unless you have a complete understanding of RFC 5321.
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH mydestination (default: $myhostname, localhost.$mydomain, localhost)
+The list of domains that are delivered via the $local_transport
+mail delivery transport. By default this is the Postfix \fBlocal\fR(8)
+delivery agent which looks up all recipients in /etc/passwd and
+/etc/aliases. The SMTP server validates recipient addresses with
+$local_recipient_maps and rejects non\-existent recipients. See also
+the local domain class in the ADDRESS_CLASS_README file.
+.PP
+The default mydestination value specifies names for the local
+machine only. On a mail domain gateway, you should also include
+$mydomain.
+.PP
+The $local_transport delivery method is also selected for mail
+addressed to user@[the.net.work.address] of the mail system (the
+IP addresses specified with the inet_interfaces and proxy_interfaces
+parameters).
+.PP
+Warnings:
+.IP \(bu
+Do not specify the names of virtual domains \- those domains
+are specified elsewhere. See VIRTUAL_README for more information.
+.IP \(bu
+Do not specify the names of domains that this machine is
+backup MX host for. See STANDARD_CONFIGURATION_README for how to
+set up backup MX hosts.
+.IP \(bu
+By default, the Postfix SMTP server rejects mail for recipients
+not listed with the local_recipient_maps parameter. See the
+\fBpostconf\fR(5) manual for a description of the local_recipient_maps
+and unknown_local_recipient_reject_code parameters.
+.br
+.PP
+Specify a list of host or domain names, "/file/name" or "type:table"
+patterns, separated by commas and/or whitespace. A "/file/name"
+pattern is replaced by its contents; a "type:table" lookup table
+is matched when a name matches a lookup key (the lookup result is
+ignored). Continue long lines by starting the next line with
+whitespace.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+mydestination = $myhostname, localhost.$mydomain $mydomain
+mydestination = $myhostname, localhost.$mydomain www.$mydomain, ftp.$mydomain
+.fi
+.ad
+.ft R
+.SH mydomain (default: see "postconf \-d" output)
+The internet domain name of this mail system. The default is to
+use $myhostname minus the first component, or "localdomain" (Postfix
+2.3 and later). $mydomain is used as
+a default value for many other configuration parameters.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+mydomain = domain.tld
+.fi
+.ad
+.ft R
+.SH myhostname (default: see "postconf \-d" output)
+The internet hostname of this mail system. The default is to use
+the fully\-qualified domain name (FQDN) from gethostname(), or to
+use the non\-FQDN result from gethostname() and append ".$mydomain".
+$myhostname is used as a default value for many other configuration
+parameters.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+myhostname = host.example.com
+.fi
+.ad
+.ft R
+.SH mynetworks (default: see "postconf \-d" output)
+The list of "trusted" remote SMTP clients that have more privileges than
+"strangers".
+.PP
+In particular, "trusted" SMTP clients are allowed to relay mail
+through Postfix. See the smtpd_relay_restrictions parameter
+description in the \fBpostconf\fR(5) manual.
+.PP
+You can specify the list of "trusted" network addresses by hand
+or you can let Postfix do it for you (which is the default).
+See the description of the mynetworks_style parameter for more
+information.
+.PP
+If you specify the mynetworks list by hand,
+Postfix ignores the mynetworks_style setting.
+.PP
+Specify a list of network addresses or network/netmask patterns,
+separated by commas and/or whitespace. Continue long lines by
+starting the next line with whitespace.
+.PP
+The netmask specifies the number of bits in the network part
+of a host address. You can also specify "/file/name" or "type:table"
+patterns. A "/file/name" pattern is replaced by its contents; a
+"type:table" lookup table is matched when a table entry matches a
+lookup string (the lookup result is ignored).
+.PP
+The list is matched left to right, and the search stops on the
+first match. Specify "!pattern" to exclude an address or network
+block from the list. The form "!/file/name" is supported only
+in Postfix version 2.4 and later.
+.PP
+Note 1: Pattern matching of domain names is controlled by the
+presence or absence of "mynetworks" in the parent_domain_matches_subdomains
+parameter value.
+.PP
+Note 2: IP version 6 address information must be specified inside
+[] in the mynetworks value, and in files specified with
+"/file/name". IP version 6 addresses contain the ":" character,
+and would otherwise be confused with a "type:table" pattern.
+.PP
+Note 3: CIDR ranges cannot be specified in hash tables. Use cidr
+tables if CIDR ranges are used.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+mynetworks = 127.0.0.0/8 168.100.189.0/28
+mynetworks = !192.168.0.1, 192.168.0.0/28
+mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:587::]/64
+mynetworks = $config_directory/mynetworks
+mynetworks = hash:/etc/postfix/network_table
+mynetworks = cidr:/etc/postfix/network_table.cidr
+.fi
+.ad
+.ft R
+.SH mynetworks_style (default: Postfix >= 3.0: host, Postfix < 3.0: subnet)
+The method to generate the default value for the mynetworks parameter.
+This is the list of trusted networks for relay access control etc.
+.IP \(bu
+Specify "mynetworks_style = host" when Postfix should
+"trust" only the local machine.
+.IP \(bu
+Specify "mynetworks_style = subnet" when Postfix
+should "trust" remote SMTP clients in the same IP subnetworks as the local
+machine. On Linux, this works correctly only with interfaces
+specified with the "ifconfig" or "ip" command.
+.IP \(bu
+Specify "mynetworks_style = class" when Postfix should
+"trust" remote SMTP clients in the same IP class A/B/C networks as the
+local machine. Caution: this may cause
+Postfix to "trust" your entire provider's network. Instead, specify
+an explicit mynetworks list by hand, as described with the mynetworks
+configuration parameter.
+.br
+.SH myorigin (default: $myhostname)
+The domain name that locally\-posted mail appears to come
+from, and that locally posted mail is delivered to. The default,
+$myhostname, is adequate for small sites. If you run a domain with
+multiple machines, you should (1) change this to $mydomain and (2)
+set up a domain\-wide alias database that aliases each user to
+user@that.users.mailhost.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+myorigin = $mydomain
+.fi
+.ad
+.ft R
+.SH nested_header_checks (default: $header_checks)
+Optional lookup tables for content inspection of non\-MIME message
+headers in attached messages, as described in the \fBheader_checks\fR(5)
+manual page.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH newaliases_path (default: see "postconf \-d" output)
+Sendmail compatibility feature that specifies the location of the
+\fBnewaliases\fR(1) command. This command can be used to rebuild the
+\fBlocal\fR(8) \fBaliases\fR(5) database.
+.SH non_fqdn_reject_code (default: 504)
+The numerical Postfix SMTP server reply code when a client request
+is rejected by the reject_non_fqdn_helo_hostname, reject_non_fqdn_sender
+or reject_non_fqdn_recipient restriction.
+.SH non_smtpd_milters (default: empty)
+A list of Milter (mail filter) applications for new mail that
+does not arrive via the Postfix \fBsmtpd\fR(8) server. This includes local
+submission via the \fBsendmail\fR(1) command line, new mail that arrives
+via the Postfix \fBqmqpd\fR(8) server, and old mail that is re\-injected
+into the queue with "postsuper \-r". Specify space or comma as a
+separator. See the MILTER_README document for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH notify_classes (default: resource, software)
+The list of error classes that are reported to the postmaster. These
+postmaster notifications do not replace user notifications. The
+default is to report only the most serious problems. The paranoid
+may wish to turn on the policy (UCE and mail relaying) and protocol
+error (broken mail software) reports.
+.PP
+NOTE: postmaster notifications may contain confidential information
+such as SASL passwords or message content. It is the system
+administrator's responsibility to treat such information with care.
+.PP
+The error classes are:
+.IP "\fBbounce\fR (also implies \fB2bounce\fR)"
+Send the postmaster copies of the headers of bounced mail, and
+send transcripts of SMTP sessions when Postfix rejects mail. The
+notification is sent to the address specified with the
+bounce_notice_recipient configuration parameter (default: postmaster).
+.br
+.IP "\fB2bounce\fR"
+Send undeliverable bounced mail to the postmaster. The notification
+is sent to the address specified with the 2bounce_notice_recipient
+configuration parameter (default: postmaster).
+.br
+.IP "\fBdata\fR"
+Send the postmaster a transcript of the SMTP session with an
+error because a critical data file was unavailable. The notification
+is sent to the address specified with the error_notice_recipient
+configuration parameter (default: postmaster).
+.br
+This feature
+is available in Postfix 2.9 and later.
+.br
+.IP "\fBdelay\fR"
+Send the postmaster copies of the headers of delayed mail (see
+delay_warning_time). The
+notification is sent to the address specified with the
+delay_notice_recipient configuration parameter (default: postmaster).
+.br
+.IP "\fBpolicy\fR"
+Send the postmaster a transcript of the SMTP session when a
+client request was rejected because of (UCE) policy. The notification
+is sent to the address specified with the error_notice_recipient
+configuration parameter (default: postmaster).
+.br
+.IP "\fBprotocol\fR"
+Send the postmaster a transcript of the SMTP session in case
+of client or server protocol errors. The notification is sent to
+the address specified with the error_notice_recipient configuration
+parameter (default: postmaster).
+.br
+.IP "\fBresource\fR"
+Inform the postmaster of mail not delivered due to resource
+problems. The notification is sent to the address specified with
+the error_notice_recipient configuration parameter (default:
+postmaster).
+.br
+.IP "\fBsoftware\fR"
+Inform the postmaster of mail not delivered due to software
+problems. The notification is sent to the address specified with
+the error_notice_recipient configuration parameter (default:
+postmaster).
+.br
+.br
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+notify_classes = bounce, delay, policy, protocol, resource, software
+notify_classes = 2bounce, resource, software
+.fi
+.ad
+.ft R
+.SH openssl_path (default: openssl)
+The location of the OpenSSL command line program \fBopenssl\fR(1). This
+is used by the "\fBpostfix tls\fR" command to create private keys,
+certificate signing requests, self\-signed certificates, and to
+compute public key digests for DANE TLSA records. In multi\-instance
+environments, this parameter is always determined from the configuration
+of the default Postfix instance.
+.PP
+Example:
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ # NetBSD pkgsrc:
+ openssl_path = /usr/pkg/bin/openssl
+ # Local build:
+ openssl_path = /usr/local/bin/openssl
+.fi
+.ad
+.ft R
+.in -4
+.PP
+This feature is available in Postfix 3.1 and later.
+.SH owner_request_special (default: yes)
+Enable special treatment for owner\-\fIlistname\fR entries in the
+\fBaliases\fR(5) file, and don't split owner\-\fIlistname\fR and
+\fIlistname\fR\-request address localparts when the recipient_delimiter
+is set to "\-". This feature is useful for mailing lists.
+.SH parent_domain_matches_subdomains (default: see "postconf \-d" output)
+A list of Postfix features where the pattern "example.com" also
+matches subdomains of example.com,
+instead of requiring an explicit ".example.com" pattern. This is
+planned backwards compatibility: eventually, all Postfix features
+are expected to require explicit ".example.com" style patterns when
+you really want to match subdomains.
+.PP
+The following Postfix feature names are supported.
+.IP "Postfix version 1.0 and later"
+debug_peer_list,
+fast_flush_domains,
+mynetworks,
+permit_mx_backup_networks,
+relay_domains,
+transport_maps
+.br
+.IP "Postfix version 1.1 and later"
+qmqpd_authorized_clients,
+smtpd_access_maps,
+.br
+.IP "Postfix version 2.8 and later"
+postscreen_access_list
+.br
+.IP "Postfix version 3.0 and later"
+smtpd_client_event_limit_exceptions
+.br
+.br
+.SH permit_mx_backup_networks (default: empty)
+Restrict the use of the permit_mx_backup SMTP access feature to
+only domains whose primary MX hosts match the listed networks.
+The parameter value syntax is the same as with the mynetworks
+parameter; note, however, that the default value is empty.
+.PP
+Pattern matching of domain names is controlled by the presence
+or absence of "permit_mx_backup_networks" in the
+parent_domain_matches_subdomains parameter value.
+.SH pickup_service_name (default: pickup)
+The name of the \fBpickup\fR(8) service. This service picks up local mail
+submissions from the Postfix maildrop queue.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH pipe_delivery_status_filter (default: $default_delivery_status_filter)
+Optional filter for the \fBpipe\fR(8) delivery agent to change the
+delivery status code or explanatory text of successful or unsuccessful
+deliveries. See default_delivery_status_filter for details.
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH plaintext_reject_code (default: 450)
+The numerical Postfix SMTP server response code when a request
+is rejected by the \fBreject_plaintext_session\fR restriction.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH postlog_service_name (default: postlog)
+The name of the \fBpostlogd\fR(8) service entry in master.cf.
+This service appends logfile records to the file specified
+with the maillog_file parameter.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH postlogd_watchdog_timeout (default: 10s)
+How much time a \fBpostlogd\fR(8) process may take to process a request
+before it is terminated by a built\-in watchdog timer. This is a
+safety mechanism that prevents \fBpostlogd\fR(8) from becoming non\-responsive
+due to a bug in Postfix itself or in system software. This limit
+cannot be set under 10s.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH postmulti_control_commands (default: reload flush)
+The \fBpostfix\fR(1) commands that the \fBpostmulti\fR(1) instance manager
+treats as "control" commands, that operate on running instances. For
+these commands, disabled instances are skipped.
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH postmulti_start_commands (default: start)
+The \fBpostfix\fR(1) commands that the \fBpostmulti\fR(1) instance manager treats
+as "start" commands. For these commands, disabled instances are "checked"
+rather than "started", and failure to "start" a member instance of an
+instance group will abort the start\-up of later instances.
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH postmulti_stop_commands (default: see "postconf \-d" output)
+The \fBpostfix\fR(1) commands that the \fBpostmulti\fR(1) instance manager treats
+as "stop" commands. For these commands, disabled instances are skipped,
+and enabled instances are processed in reverse order.
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH postscreen_access_list (default: permit_mynetworks)
+Permanent allow/denylist for remote SMTP client IP addresses.
+\fBpostscreen\fR(8) searches this list immediately after a remote SMTP
+client connects. Specify a comma\- or whitespace\-separated list of
+commands (in upper or lower case) or lookup tables. The search stops
+upon the first command that fires for the client IP address.
+.IP "\fB permit_mynetworks \fR"
+Allowlist the client and
+terminate the search if the client IP address matches $mynetworks.
+Do not subject the client to any before/after 220 greeting tests.
+Pass the connection immediately to a Postfix SMTP server process.
+.br
+Pattern matching of domain names is controlled by the presence
+or absence of "postscreen_access_list" in the
+parent_domain_matches_subdomains parameter value.
+.br
+.IP "\fB type:table \fR"
+Query the specified lookup
+table. Each table lookup result is an access list, except that
+access lists inside a table cannot specify type:table entries.
+.br
+To discourage the use of hash, btree, etc. tables, there is no
+support for substring matching like \fBsmtpd\fR(8). Use CIDR tables
+instead.
+.br
+.IP "\fB permit \fR"
+Allowlist the client and terminate
+the search. Do not subject the client to any before/after 220
+greeting tests. Pass the connection immediately to a Postfix SMTP
+server process.
+.br
+.IP "\fB reject \fR"
+Denylist the client and terminate
+the search. Subject the client to the action configured with the
+postscreen_denylist_action configuration parameter.
+.br
+.IP "\fB dunno \fR"
+All \fBpostscreen\fR(8) access lists
+implicitly have this command at the end.
+.br
+When \fB dunno \fR
+is executed inside a lookup table, return from the lookup table and
+evaluate the next command.
+.br
+When \fB dunno \fR is executed
+outside a lookup table, terminate the search, and subject the client
+to the configured before/after 220 greeting tests.
+.br
+.br
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ postscreen_access_list = permit_mynetworks,
+ cidr:/etc/postfix/postscreen_access.cidr
+ # Postfix < 3.6 use postscreen_blacklist_action.
+ postscreen_denylist_action = enforce
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/postscreen_access.cidr:
+ # Rules are evaluated in the order as specified.
+ # Denylist 192.168.* except 192.168.0.1.
+ 192.168.0.1 dunno
+ 192.168.0.0/16 reject
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_allowlist_interfaces (default: static:all)
+A list of local \fBpostscreen\fR(8) server IP addresses where a
+non\-allowlisted remote SMTP client can obtain \fBpostscreen\fR(8)'s temporary
+allowlist status. This status is required before the client can
+talk to a Postfix SMTP server process. By default, a client can
+obtain \fBpostscreen\fR(8)'s allowlist status on any local \fBpostscreen\fR(8)
+server IP address.
+.PP
+When \fBpostscreen\fR(8) listens on both primary and backup MX
+addresses, the postscreen_allowlist_interfaces parameter can be
+configured to give the temporary allowlist status only when a client
+connects to a primary MX address. Once a client is allowlisted it
+can talk to a Postfix SMTP server on any address. Thus, clients
+that connect only to backup MX addresses will never become allowlisted,
+and will never be allowed to talk to a Postfix SMTP server process.
+.PP
+Specify a list of network addresses or network/netmask patterns,
+separated by commas and/or whitespace. The netmask specifies the
+number of bits in the network part of a host address. Continue long
+lines by starting the next line with whitespace.
+.PP
+You can also specify "/file/name" or "type:table" patterns. A
+"/file/name" pattern is replaced by its contents; a "type:table"
+lookup table is matched when a table entry matches a lookup string
+(the lookup result is ignored).
+.PP
+The list is matched left to right, and the search stops on the
+first match. Specify "!pattern" to exclude an address or network
+block from the list.
+.PP
+Note: IP version 6 address information must be specified inside
+[] in the postscreen_allowlist_interfaces value, and in files
+specified with "/file/name". IP version 6 addresses contain the
+":" character, and would otherwise be confused with a "type:table"
+pattern.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ # Don't allowlist connections to the backup IP address.
+ # Postfix < 3.6 use postscreen_whitelist_interfaces.
+ postscreen_allowlist_interfaces = !168.100.189.8, static:all
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 3.6 and later.
+.PP
+Available as postscreen_whitelist_interfaces in Postfix 2.9 \- 3.5.
+.SH postscreen_bare_newline_action (default: ignore)
+The action that \fBpostscreen\fR(8) takes when a remote SMTP client sends
+a bare newline character, that is, a newline not preceded by carriage
+return. Specify one of the following:
+.IP "\fBignore\fR"
+Ignore the failure of this test. Allow other tests to complete.
+Do \fInot\fR repeat this test before the result from some
+other test expires.
+This option is useful for testing and collecting statistics
+without blocking mail permanently.
+.br
+.IP "\fBenforce\fR"
+Allow other tests to complete. Reject attempts to deliver mail
+with a 550 SMTP reply, and log the helo/sender/recipient information.
+Repeat this test the next time the client connects.
+.br
+.IP "\fBdrop\fR"
+Drop the connection immediately with a 521 SMTP reply. Repeat
+this test the next time the client connects.
+.br
+.br
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_bare_newline_enable (default: no)
+Enable "bare newline" SMTP protocol tests in the \fBpostscreen\fR(8)
+server. These tests are expensive: a remote SMTP client must
+disconnect after
+it passes the test, before it can talk to a real Postfix SMTP server.
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_bare_newline_ttl (default: 30d)
+The amount of time that \fBpostscreen\fR(8) will use the result from
+a successful "bare newline" SMTP protocol test. During this
+time, the client IP address is excluded from this test. The default
+is long because a remote SMTP client must disconnect after it passes
+the test,
+before it can talk to a real Postfix SMTP server.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is d (days).
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_blacklist_action (default: ignore)
+Renamed to postscreen_denylist_action in Postfix 3.6.
+.PP
+This feature is available in Postfix 2.8 \- 3.5.
+.SH postscreen_cache_cleanup_interval (default: 12h)
+The amount of time between \fBpostscreen\fR(8) cache cleanup runs.
+Cache cleanup increases the load on the cache database and should
+therefore not be run frequently. This feature requires that the
+cache database supports the "delete" and "sequence" operators.
+Specify a zero interval to disable cache cleanup.
+.PP
+After each cache cleanup run, the \fBpostscreen\fR(8) daemon logs the
+number of entries that were retained and dropped. A cleanup run is
+logged as "partial" when the daemon terminates early after "\fBpostfix
+reload\fR", "\fBpostfix stop\fR", or no requests for $max_idle
+seconds.
+.PP
+Specify a non\-negative time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is h (hours).
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_cache_map (default: btree:$data_directory/postscreen_cache)
+Persistent storage for the \fBpostscreen\fR(8) server decisions.
+.PP
+To share a \fBpostscreen\fR(8) cache between multiple \fBpostscreen\fR(8)
+instances, use "postscreen_cache_map = proxy:btree:/path/to/file".
+This requires Postfix version 2.9 or later; earlier \fBproxymap\fR(8)
+implementations don't support cache cleanup. For an alternative
+approach see the \fBmemcache_table\fR(5) manpage.
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_cache_retention_time (default: 7d)
+The amount of time that \fBpostscreen\fR(8) will cache an expired
+temporary allowlist entry before it is removed. This prevents clients
+from being logged as "NEW" just because their cache entry expired
+an hour ago. It also prevents the cache from filling up with clients
+that passed some deep protocol test once and never came back.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is d (days).
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_client_connection_count_limit (default: $smtpd_client_connection_count_limit)
+How many simultaneous connections any remote SMTP client is
+allowed to have
+with the \fBpostscreen\fR(8) daemon. By default, this limit is the same
+as with the Postfix SMTP server. Note that the triage process can
+take several seconds, with the time spent in postscreen_greet_wait
+delay, and with the time spent talking to the \fBpostscreen\fR(8) built\-in
+dummy SMTP protocol engine.
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_command_count_limit (default: 20)
+The limit on the total number of commands per SMTP session for
+\fBpostscreen\fR(8)'s built\-in SMTP protocol engine. This SMTP engine
+defers or rejects all attempts to deliver mail, therefore there is
+no need to enforce separate limits on the number of junk commands
+and error commands.
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_command_filter (default: $smtpd_command_filter)
+A mechanism to transform commands from remote SMTP clients.
+See smtpd_command_filter for further details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH postscreen_command_time_limit (default: normal: 300s, overload: 10s)
+The time limit to read an entire command line with \fBpostscreen\fR(8)'s
+built\-in SMTP protocol engine.
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_denylist_action (default: ignore)
+The action that \fBpostscreen\fR(8) takes when a remote SMTP client is
+permanently denylisted with the postscreen_access_list parameter.
+Specify one of the following:
+.IP "\fBignore\fR (default)"
+Ignore this result. Allow other tests to complete. Repeat
+this test the next time the client connects.
+This option is useful for testing and collecting statistics
+without blocking mail.
+.br
+.IP "\fBenforce\fR"
+Allow other tests to complete. Reject attempts to deliver mail
+with a 550 SMTP reply, and log the helo/sender/recipient information.
+Repeat this test the next time the client connects.
+.br
+.IP "\fBdrop\fR"
+Drop the connection immediately with a 521 SMTP reply. Repeat
+this test the next time the client connects.
+.br
+.br
+.PP
+This feature is available in Postfix 3.6 and later.
+.PP
+Available as postscreen_blacklist_action in Postfix 2.8 \- 3.5.
+.SH postscreen_disable_vrfy_command (default: $disable_vrfy_command)
+Disable the SMTP VRFY command in the \fBpostscreen\fR(8) daemon. See
+disable_vrfy_command for details.
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_discard_ehlo_keyword_address_maps (default: $smtpd_discard_ehlo_keyword_address_maps)
+Lookup tables, indexed by the remote SMTP client address, with
+case insensitive lists of EHLO keywords (pipelining, starttls, auth,
+etc.) that the \fBpostscreen\fR(8) server will not send in the EHLO response
+to a remote SMTP client. See smtpd_discard_ehlo_keywords for details.
+The table is not searched by hostname for robustness reasons.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH postscreen_discard_ehlo_keywords (default: $smtpd_discard_ehlo_keywords)
+A case insensitive list of EHLO keywords (pipelining, starttls,
+auth, etc.) that the \fBpostscreen\fR(8) server will not send in the EHLO
+response to a remote SMTP client. See smtpd_discard_ehlo_keywords
+for details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH postscreen_dnsbl_action (default: ignore)
+The action that \fBpostscreen\fR(8) takes when a remote SMTP client's combined
+DNSBL score is equal to or greater than a threshold (as defined
+with the postscreen_dnsbl_sites and postscreen_dnsbl_threshold
+parameters). Specify one of the following:
+.IP "\fBignore\fR (default)"
+Ignore the failure of this test. Allow other tests to complete.
+Repeat this test the next time the client connects.
+This option is useful for testing and collecting statistics
+without blocking mail.
+.br
+.IP "\fBenforce\fR"
+Allow other tests to complete. Reject attempts to deliver mail
+with a 550 SMTP reply, and log the helo/sender/recipient information.
+Repeat this test the next time the client connects.
+.br
+.IP "\fBdrop\fR"
+Drop the connection immediately with a 521 SMTP reply. Repeat
+this test the next time the client connects.
+.br
+.br
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_dnsbl_allowlist_threshold (default: 0)
+Allow a remote SMTP client to skip "before" and "after 220
+greeting" protocol tests, based on its combined DNSBL score as
+defined with the postscreen_dnsbl_sites parameter.
+.PP
+Specify a negative value to enable this feature. When a client
+passes the postscreen_dnsbl_allowlist_threshold without having
+failed other tests, all pending or disabled tests are flagged as
+completed with a time\-to\-live value equal to postscreen_dnsbl_ttl.
+When a test was already completed, its time\-to\-live value is updated
+if it was less than postscreen_dnsbl_ttl.
+.PP
+This feature is available in Postfix 3.6 and later.
+.PP
+Available as postscreen_dnsbl_whitelist_threshold in Postfix 2.11
+\- 3.5.
+.SH postscreen_dnsbl_max_ttl (default: ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h)
+The maximum amount of time that \fBpostscreen\fR(8) will use the
+result from a successful DNS\-based reputation test before a
+client IP address is required to pass that test again. If the DNS
+reply specifies a shorter TTL value, that value will be used unless
+it would be smaller than postscreen_dnsbl_min_ttl.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is h (hours).
+.PP
+This feature is available in Postfix 3.1. The default setting
+is backwards\-compatible with older Postfix versions.
+.SH postscreen_dnsbl_min_ttl (default: 60s)
+The minimum amount of time that \fBpostscreen\fR(8) will use the
+result from a successful DNS\-based reputation test before a
+client IP address is required to pass that test again. If the DNS
+reply specifies a larger TTL value, that value will be used unless
+it would be larger than postscreen_dnsbl_max_ttl.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 3.1.
+.SH postscreen_dnsbl_reply_map (default: empty)
+A mapping from an actual DNSBL domain name which includes a secret
+password, to the DNSBL domain name that postscreen will reply with
+when it rejects mail. When no mapping is found, the actual DNSBL
+domain will be used.
+.PP
+For maximal stability it is best to use a file that is read
+into memory such as pcre:, regexp: or texthash: (texthash: is similar
+to hash:, except a) there is no need to run \fBpostmap\fR(1) before the
+file can be used, and b) texthash: does not detect changes after
+the file is read).
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/dnsbl_reply:
+ secret.zen.spamhaus.org zen.spamhaus.org
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_dnsbl_sites (default: empty)
+Optional list of patterns with DNS allow/denylist domains, filters
+and weight
+factors. When the list is non\-empty, the \fBdnsblog\fR(8) daemon will
+query these domains with the reversed IP addresses of remote SMTP
+clients,
+and \fBpostscreen\fR(8) will update an SMTP client's DNSBL score with
+each non\-error reply as described below.
+.PP
+Caution: when postscreen rejects mail, its SMTP response contains
+the DNSBL
+domain name. Use the postscreen_dnsbl_reply_map feature to hide
+"password" information in DNSBL domain names.
+.PP
+When a client's score is equal to or greater than the threshold
+specified with postscreen_dnsbl_threshold, \fBpostscreen\fR(8) can drop
+the connection with the remote SMTP client.
+.PP
+Specify a list of domain=filter*weight patterns, separated by
+comma or whitespace.
+.IP \(bu
+When a pattern specifies no "=filter", \fBpostscreen\fR(8) will
+use any non\-error DNSBL query result. Otherwise, \fBpostscreen\fR(8)
+will use only DNSBL
+query results that match the filter. The filter has the form d.d.d.d,
+where each d is a number, or a pattern inside [] that contains one
+or more ";"\-separated numbers or number..number ranges.
+.IP \(bu
+When a pattern specifies no "*weight", the weight of the
+pattern is 1. Otherwise, the weight must be an integral number.
+Specify a negative number for allowlisting.
+.IP \(bu
+When a pattern matches one or more DNSBL query results,
+\fBpostscreen\fR(8) adds that pattern's weight once to the remote SMTP
+client's DNSBL score.
+.br
+.PP
+Examples:
+.PP
+To use example.com as a high\-confidence blocklist, and to
+block mail with example.net and example.org only when both agree:
+.PP
+.nf
+.na
+.ft C
+postscreen_dnsbl_threshold = 2
+postscreen_dnsbl_sites = example.com*2, example.net, example.org
+.fi
+.ad
+.ft R
+.PP
+To filter only DNSBL replies containing 127.0.0.4:
+.PP
+.nf
+.na
+.ft C
+postscreen_dnsbl_sites = example.com=127.0.0.4
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_dnsbl_threshold (default: 1)
+The inclusive lower bound for blocking a remote SMTP client, based on
+its combined DNSBL score as defined with the postscreen_dnsbl_sites
+parameter.
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_dnsbl_timeout (default: 10s)
+The time limit for DNSBL or DNSWL lookups. This is separate from
+the timeouts in the \fBdnsblog\fR(8) daemon which are defined by system
+\fBresolver\fR(3) routines.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 3.0.
+.SH postscreen_dnsbl_ttl (default: 1h)
+The amount of time that \fBpostscreen\fR(8) will use the result from
+a successful DNS\-based reputation test before a client
+IP address is required to pass that test again.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is h (hours).
+.PP
+This feature is available in Postfix 2.8\-3.0. It was
+replaced by postscreen_dnsbl_max_ttl in Postfix 3.1.
+.SH postscreen_dnsbl_whitelist_threshold (default: 0)
+Renamed to postscreen_dnsbl_allowlist_threshold in Postfix 3.6.
+.PP
+This feature is available in Postfix 2.11 \- 3.5.
+.SH postscreen_enforce_tls (default: $smtpd_enforce_tls)
+Mandatory TLS: announce STARTTLS support to remote SMTP clients, and
+require that clients use TLS encryption. See smtpd_postscreen_enforce_tls
+for details.
+.PP
+This feature is available in Postfix 2.8 and later.
+Preferably, use postscreen_tls_security_level instead.
+.SH postscreen_expansion_filter (default: see "postconf \-d" output)
+List of characters that are permitted in postscreen_reject_footer
+attribute expansions. See smtpd_expansion_filter for further
+details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH postscreen_forbidden_commands (default: $smtpd_forbidden_commands)
+List of commands that the \fBpostscreen\fR(8) server considers in
+violation of the SMTP protocol. See smtpd_forbidden_commands for
+syntax, and postscreen_non_smtp_command_action for possible actions.
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_greet_action (default: ignore)
+The action that \fBpostscreen\fR(8) takes when a remote SMTP client speaks
+before its turn within the time specified with the postscreen_greet_wait
+parameter. Specify one of the following:
+.IP "\fBignore\fR (default)"
+Ignore the failure of this test. Allow other tests to complete.
+Repeat this test the next time the client connects.
+This option is useful for testing and collecting statistics
+without blocking mail.
+.br
+.IP "\fBenforce\fR"
+Allow other tests to complete. Reject attempts to deliver mail
+with a 550 SMTP reply, and log the helo/sender/recipient information.
+Repeat this test the next time the client connects.
+.br
+.IP "\fBdrop\fR"
+Drop the connection immediately with a 521 SMTP reply. Repeat
+this test the next time the client connects.
+.br
+.br
+.PP
+In either case, \fBpostscreen\fR(8) will not allowlist the remote SMTP client
+IP address.
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_greet_banner (default: $smtpd_banner)
+The \fItext\fR in the optional "220\-\fItext\fR..." server
+response that
+\fBpostscreen\fR(8) sends ahead of the real Postfix SMTP server's "220
+text..." response, in an attempt to confuse bad SMTP clients so
+that they speak before their turn (pre\-greet). Specify an empty
+value to disable this feature.
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_greet_ttl (default: 1d)
+The amount of time that \fBpostscreen\fR(8) will use the result from
+a successful PREGREET test. During this time, the client IP address
+is excluded from this test. The default is relatively short, because
+a good client can immediately talk to a real Postfix SMTP server.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is d (days).
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_greet_wait (default: normal: 6s, overload: 2s)
+The amount of time that \fBpostscreen\fR(8) will wait for an SMTP
+client to send a command before its turn, and for DNS blocklist
+lookup results to arrive (default: up to 2 seconds under stress,
+up to 6 seconds otherwise).
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_helo_required (default: $smtpd_helo_required)
+Require that a remote SMTP client sends HELO or EHLO before
+commencing a MAIL transaction.
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_non_smtp_command_action (default: drop)
+The action that \fBpostscreen\fR(8) takes when a remote SMTP client sends
+non\-SMTP commands as specified with the postscreen_forbidden_commands
+parameter. Specify one of the following:
+.IP "\fBignore\fR"
+Ignore the failure of this test. Allow other tests to complete.
+Do \fInot\fR repeat this test before the result from some
+other test expires.
+This option is useful for testing and collecting statistics
+without blocking mail permanently.
+.br
+.IP "\fBenforce\fR"
+Allow other tests to complete. Reject attempts to deliver mail
+with a 550 SMTP reply, and log the helo/sender/recipient information.
+Repeat this test the next time the client connects.
+.br
+.IP "\fBdrop\fR"
+Drop the connection immediately with a 521 SMTP reply. Repeat
+this test the next time the client connects. This action is the
+same as with the Postfix SMTP server's smtpd_forbidden_commands
+feature.
+.br
+.br
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_non_smtp_command_enable (default: no)
+Enable "non\-SMTP command" tests in the \fBpostscreen\fR(8) server. These
+tests are expensive: a client must disconnect after it passes the
+test, before it can talk to a real Postfix SMTP server.
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_non_smtp_command_ttl (default: 30d)
+The amount of time that \fBpostscreen\fR(8) will use the result from
+a successful "non_smtp_command" SMTP protocol test. During this
+time, the client IP address is excluded from this test. The default
+is long because a client must disconnect after it passes the test,
+before it can talk to a real Postfix SMTP server.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is d (days).
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_pipelining_action (default: enforce)
+The action that \fBpostscreen\fR(8) takes when a remote SMTP client
+sends
+multiple commands instead of sending one command and waiting for
+the server to respond. Specify one of the following:
+.IP "\fBignore\fR"
+Ignore the failure of this test. Allow other tests to complete.
+Do \fInot\fR repeat this test before the result from some
+other test expires.
+This option is useful for testing and collecting statistics
+without blocking mail permanently.
+.br
+.IP "\fBenforce\fR"
+Allow other tests to complete. Reject attempts to deliver mail
+with a 550 SMTP reply, and log the helo/sender/recipient information.
+Repeat this test the next time the client connects.
+.br
+.IP "\fBdrop\fR"
+Drop the connection immediately with a 521 SMTP reply. Repeat
+this test the next time the client connects.
+.br
+.br
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_pipelining_enable (default: no)
+Enable "pipelining" SMTP protocol tests in the \fBpostscreen\fR(8)
+server. These tests are expensive: a good client must disconnect
+after it passes the test, before it can talk to a real Postfix SMTP
+server.
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_pipelining_ttl (default: 30d)
+The amount of time that \fBpostscreen\fR(8) will use the result from
+a successful "pipelining" SMTP protocol test. During this time, the
+client IP address is excluded from this test. The default is
+long because a good client must disconnect after it passes the test,
+before it can talk to a real Postfix SMTP server.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is d (days).
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_post_queue_limit (default: $default_process_limit)
+The number of clients that can be waiting for service from a
+real Postfix SMTP server process. When this queue is full, all
+clients will
+receive a 421 response.
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_pre_queue_limit (default: $default_process_limit)
+The number of non\-allowlisted clients that can be waiting for
+a decision whether they will receive service from a real Postfix
+SMTP server
+process. When this queue is full, all non\-allowlisted clients will
+receive a 421 response.
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_reject_footer (default: $smtpd_reject_footer)
+Optional information that is appended after a 4XX or 5XX
+\fBpostscreen\fR(8) server
+response. See smtpd_reject_footer for further details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH postscreen_reject_footer_maps (default: $smtpd_reject_footer_maps)
+Optional lookup table for information that is appended after a 4XX
+or 5XX \fBpostscreen\fR(8) server response. See smtpd_reject_footer_maps for
+further details.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH postscreen_tls_security_level (default: $smtpd_tls_security_level)
+The SMTP TLS security level for the \fBpostscreen\fR(8) server; when
+a non\-empty value is specified, this overrides the obsolete parameters
+postscreen_use_tls and postscreen_enforce_tls. See smtpd_tls_security_level
+for details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH postscreen_upstream_proxy_protocol (default: empty)
+The name of the proxy protocol used by an optional before\-postscreen
+proxy agent. When a proxy agent is used, this protocol conveys local
+and remote address and port information. Specify
+"postscreen_upstream_proxy_protocol = haproxy" to enable the haproxy
+protocol; version 2 is supported with Postfix 3.5 and later.
+.PP
+This feature is available in Postfix 2.10 and later.
+.SH postscreen_upstream_proxy_timeout (default: 5s)
+The time limit for the proxy protocol specified with the
+postscreen_upstream_proxy_protocol parameter.
+.PP
+This feature is available in Postfix 2.10 and later.
+.SH postscreen_use_tls (default: $smtpd_use_tls)
+Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
+but do not require that clients use TLS encryption.
+.PP
+This feature is available in Postfix 2.8 and later.
+Preferably, use postscreen_tls_security_level instead.
+.SH postscreen_watchdog_timeout (default: 10s)
+How much time a \fBpostscreen\fR(8) process may take to respond to
+a remote SMTP client command or to perform a cache operation before it
+is terminated by a built\-in watchdog timer. This is a safety
+mechanism that prevents \fBpostscreen\fR(8) from becoming non\-responsive
+due to a bug in Postfix itself or in system software. To avoid
+false alarms and unnecessary cache corruption this limit cannot be
+set under 10s.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.8.
+.SH postscreen_whitelist_interfaces (default: static:all)
+Renamed to postscreen_allowlist_interfaces in Postfix 3.6.
+.PP
+This feature is available in Postfix 2.9 \- 3.5.
+.SH prepend_delivered_header (default: command, file, forward)
+The message delivery contexts where the Postfix \fBlocal\fR(8) delivery
+agent prepends a Delivered\-To: message header with the address
+that the mail was delivered to. This information is used for mail
+delivery loop detection.
+.PP
+By default, the Postfix local delivery agent prepends a Delivered\-To:
+header when forwarding mail and when delivering to file (mailbox)
+and command. Turning off the Delivered\-To: header when forwarding
+mail is not recommended.
+.PP
+Specify zero or more of \fBforward\fR, \fBfile\fR, or \fBcommand\fR.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+prepend_delivered_header = forward
+.fi
+.ad
+.ft R
+.SH process_id (read\-only)
+The process ID of a Postfix command or daemon process.
+.SH process_id_directory (default: pid)
+The location of Postfix PID files relative to $queue_directory.
+This is a read\-only parameter.
+.SH process_name (read\-only)
+The process name of a Postfix command or daemon process.
+.SH propagate_unmatched_extensions (default: canonical, virtual)
+What address lookup tables copy an address extension from the lookup
+key to the lookup result.
+.PP
+For example, with a \fBvirtual\fR(5) mapping of "\fIjoe@example.com =>
+joe.user@example.net\fR", the address "\fIjoe+foo@example.com\fR"
+would rewrite to "\fIjoe.user+foo@example.net\fR".
+.PP
+Specify zero or more of \fBcanonical\fR, \fBvirtual\fR, \fBalias\fR,
+\fBforward\fR, \fBinclude\fR or \fBgeneric\fR. These cause
+address extension
+propagation with \fBcanonical\fR(5), \fBvirtual\fR(5), and \fBaliases\fR(5) maps,
+with \fBlocal\fR(8) .forward and :include: file lookups, and with \fBsmtp\fR(8)
+generic maps, respectively.
+.PP
+Note: enabling this feature for types other than \fBcanonical\fR
+and \fBvirtual\fR is likely to cause problems when mail is forwarded
+to other sites, especially with mail that is sent to a mailing list
+exploder address.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+propagate_unmatched_extensions = canonical, virtual, alias,
+ forward, include
+propagate_unmatched_extensions = canonical, virtual
+.fi
+.ad
+.ft R
+.SH proxy_interfaces (default: empty)
+The remote network interface addresses that this mail system receives mail
+on by way of a proxy or network address translation unit.
+.PP
+This feature is available in Postfix 2.0 and later.
+.PP
+You must specify your "outside" proxy/NAT addresses when your
+system is a backup MX host for other domains, otherwise mail delivery
+loops will happen when the primary MX host is down.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+proxy_interfaces = 1.2.3.4
+.fi
+.ad
+.ft R
+.SH proxy_read_maps (default: see "postconf \-d" output)
+The lookup tables that the \fBproxymap\fR(8) server is allowed to
+access for the read\-only service.
+.PP
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma.
+Table references that don't begin with proxy: are ignored.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH proxy_write_maps (default: see "postconf \-d" output)
+The lookup tables that the \fBproxymap\fR(8) server is allowed to
+access for the read\-write service. Postfix\-owned local database
+files should be stored under the Postfix\-owned data_directory.
+Table references that don't begin with proxy: are ignored.
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH proxymap_service_name (default: proxymap)
+The name of the proxymap read\-only table lookup service. This
+service is normally implemented by the \fBproxymap\fR(8) daemon.
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH proxywrite_service_name (default: proxywrite)
+The name of the proxywrite read\-write table lookup service.
+This service is normally implemented by the \fBproxymap\fR(8) daemon.
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH qmgr_clog_warn_time (default: 300s)
+The minimal delay between warnings that a specific destination is
+clogging up the Postfix active queue. Specify 0 to disable.
+.PP
+Specify a non\-negative time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is enabled with the helpful_warnings parameter.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH qmgr_daemon_timeout (default: 1000s)
+How much time a Postfix queue manager process may take to handle
+a request before it is terminated by a built\-in watchdog timer.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH qmgr_fudge_factor (default: 100)
+Obsolete feature: the percentage of delivery resources that a busy
+mail system will use up for delivery of a large mailing list
+message.
+.PP
+This feature exists only in the \fBoqmgr\fR(8) old queue manager. The
+current queue manager solves the problem in a better way.
+.SH qmgr_ipc_timeout (default: 60s)
+The time limit for the queue manager to send or receive information
+over an internal communication channel. The purpose is to break
+out of deadlock situations. If the time limit is exceeded the
+software either retries or aborts the operation.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH qmgr_message_active_limit (default: 20000)
+The maximal number of messages in the active queue.
+.SH qmgr_message_recipient_limit (default: 20000)
+The maximal number of recipients held in memory by the Postfix
+queue manager, and the maximal size of the short\-term,
+in\-memory "dead" destination status cache.
+.SH qmgr_message_recipient_minimum (default: 10)
+The minimal number of in\-memory recipients for any message. This
+takes priority over any other in\-memory recipient limits (i.e.,
+the global qmgr_message_recipient_limit and the per transport
+_recipient_limit) if necessary. The minimum value allowed for this
+parameter is 1.
+.SH qmqpd_authorized_clients (default: empty)
+What remote QMQP clients are allowed to connect to the Postfix QMQP
+server port.
+.PP
+By default, no client is allowed to use the service. This is
+because the QMQP server will relay mail to any destination.
+.PP
+Specify a list of client patterns. A list pattern specifies a host
+name, a domain name, an internet address, or a network/mask pattern,
+where the mask specifies the number of bits in the network part.
+When a pattern specifies a file name, its contents are substituted
+for the file name; when a pattern is a "type:table" table specification,
+table lookup is used instead.
+.PP
+Patterns are separated by whitespace and/or commas. In order to
+reverse the result, precede a pattern with an
+exclamation point (!). The form "!/file/name" is supported only
+in Postfix version 2.4 and later.
+.PP
+Pattern matching of domain names is controlled by the presence
+or absence of "qmqpd_authorized_clients" in the
+parent_domain_matches_subdomains parameter value.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+qmqpd_authorized_clients = !192.168.0.1, 192.168.0.0/24
+.fi
+.ad
+.ft R
+.SH qmqpd_client_port_logging (default: no)
+Enable logging of the remote QMQP client port in addition to
+the hostname and IP address. The logging format is "host[address]:port".
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH qmqpd_error_delay (default: 1s)
+How long the Postfix QMQP server will pause before sending a negative
+reply to the remote QMQP client. The purpose is to slow down confused
+or malicious clients.
+.PP
+Specify a non\-negative time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH qmqpd_timeout (default: 300s)
+The time limit for sending or receiving information over the network.
+If a read or write operation blocks for more than $qmqpd_timeout
+seconds the Postfix QMQP server gives up and disconnects.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH queue_directory (default: see "postconf \-d" output)
+The location of the Postfix top\-level queue directory. This is the
+root directory of Postfix daemon processes that run chrooted.
+.SH queue_file_attribute_count_limit (default: 100)
+The maximal number of (name=value) attributes that may be stored
+in a Postfix queue file. The limit is enforced by the \fBcleanup\fR(8)
+server.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH queue_minfree (default: 0)
+The minimal amount of free space in bytes in the queue file system
+that is needed to receive mail. This is currently used by the
+Postfix SMTP server to decide if it will accept any mail at all.
+.PP
+By default, the Postfix SMTP server rejects MAIL FROM commands when
+the amount of free space is less than 1.5*$message_size_limit
+(Postfix version 2.1 and later).
+To specify a higher minimum free space limit, specify a queue_minfree
+value that is at least 1.5*$message_size_limit.
+.PP
+With Postfix versions 2.0 and earlier, a queue_minfree value of
+zero means there is no minimum required amount of free space.
+.SH queue_run_delay (default: 300s)
+The time between deferred queue scans by the queue manager;
+prior to Postfix 2.4 the default value was 1000s.
+.PP
+This parameter should be set less than or equal to
+$minimal_backoff_time. See also $maximal_backoff_time.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH queue_service_name (default: qmgr)
+The name of the \fBqmgr\fR(8) service. This service manages the Postfix
+queue and schedules delivery requests.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH rbl_reply_maps (default: empty)
+Optional lookup tables with RBL response templates. The tables are
+indexed by the RBL domain name. By default, Postfix uses the default
+template as specified with the default_rbl_reply configuration
+parameter. See there for a discussion of the syntax of RBL reply
+templates.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH readme_directory (default: see "postconf \-d" output)
+The location of Postfix README files that describe how to build,
+configure or operate a specific Postfix subsystem or feature.
+.SH receive_override_options (default: empty)
+Enable or disable recipient validation, built\-in content
+filtering, or address mapping. Typically, these are specified in
+master.cf as command\-line arguments for the \fBsmtpd\fR(8), \fBqmqpd\fR(8) or
+\fBpickup\fR(8) daemons.
+.PP
+Specify zero or more of the following options. The options
+override main.cf settings and are either implemented by \fBsmtpd\fR(8),
+\fBqmqpd\fR(8), or \fBpickup\fR(8) themselves, or they are forwarded to the
+cleanup server.
+.IP "\fBno_unknown_recipient_checks\fR"
+Do not try to reject unknown recipients (SMTP server only).
+This is typically specified AFTER an external content filter.
+.br
+.IP "\fBno_address_mappings\fR"
+Disable canonical address mapping, virtual alias map expansion,
+address masquerading, and automatic BCC (blind carbon\-copy)
+recipients. This is typically specified BEFORE an external content
+filter.
+.br
+.IP "\fBno_header_body_checks\fR"
+Disable header/body_checks. This is typically specified AFTER
+an external content filter.
+.br
+.IP "\fBno_milters\fR"
+Disable Milter (mail filter) applications. This is typically
+specified AFTER an external content filter.
+.br
+.br
+.PP
+Note: when the "BEFORE content filter" receive_override_options
+setting is specified in the main.cf file, specify the "AFTER content
+filter" receive_override_options setting in master.cf (and vice
+versa).
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+receive_override_options =
+ no_unknown_recipient_checks, no_header_body_checks
+receive_override_options = no_address_mappings
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH recipient_bcc_maps (default: empty)
+Optional BCC (blind carbon\-copy) address lookup tables, indexed by
+envelope recipient address. The BCC address (multiple results are not
+supported) is added when mail enters from outside of Postfix.
+.PP
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+.PP
+The table search order is as follows:
+.IP \(bu
+Look up the "user+extension@domain.tld" address including the
+optional address extension.
+.IP \(bu
+Look up the "user@domain.tld" address without the optional
+address extension.
+.IP \(bu
+Look up the "user+extension" address local part when the
+recipient domain equals $myorigin, $mydestination, $inet_interfaces
+or $proxy_interfaces.
+.IP \(bu
+Look up the "user" address local part when the recipient domain
+equals $myorigin, $mydestination, $inet_interfaces or $proxy_interfaces.
+.IP \(bu
+Look up the "@domain.tld" part.
+.br
+.PP
+Note: with Postfix 2.3 and later the BCC address is added as if it
+was specified with NOTIFY=NONE. The sender will not be notified
+when the BCC address is undeliverable, as long as all down\-stream
+software implements RFC 3461.
+.PP
+Note: with Postfix 2.2 and earlier the sender will unconditionally
+be notified when the BCC address is undeliverable.
+.PP
+Note: automatic BCC recipients are produced only for new mail.
+To avoid mailer loops, automatic BCC recipients are not generated
+after Postfix forwards mail internally, or after Postfix generates
+mail itself.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
+.fi
+.ad
+.ft R
+.PP
+After a change, run "\fBpostmap /etc/postfix/recipient_bcc\fR".
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH recipient_canonical_classes (default: envelope_recipient, header_recipient)
+What addresses are subject to recipient_canonical_maps address
+mapping. By default, recipient_canonical_maps address mapping is
+applied to envelope recipient addresses, and to header recipient
+addresses.
+.PP
+Specify one or more of: envelope_recipient, header_recipient
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH recipient_canonical_maps (default: empty)
+Optional address mapping lookup tables for envelope and header
+recipient addresses.
+The table format and lookups are documented in \fBcanonical\fR(5).
+.PP
+Note: $recipient_canonical_maps is processed before $canonical_maps.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
+.fi
+.ad
+.ft R
+.SH recipient_delimiter (default: empty)
+The set of characters that can separate an email address
+localpart, user name, or a .forward file name from its extension.
+For example, with "recipient_delimiter = +", the software tries
+user+foo@example.com before trying user@example.com, user+foo before
+trying user, and .forward+foo before trying .forward.
+.PP
+More formally, an email address localpart or user name is
+separated from its extension by the first character that matches
+the recipient_delimiter set. The delimiter character and extension
+may then be used to generate an extended .forward file name. This
+implementation recognizes one delimiter character and one extension
+per email address localpart or email address. With Postfix 2.10 and
+earlier, the recipient_delimiter specifies a single character.
+.PP
+See \fBcanonical\fR(5), \fBlocal\fR(8), \fBrelocated\fR(5) and \fBvirtual\fR(5) for the
+effects of recipient_delimiter on lookups in aliases, canonical,
+virtual, and relocated maps, and see the propagate_unmatched_extensions
+parameter for propagating an extension from one email address to
+another.
+.PP
+When used in command_execution_directory, forward_path, or
+luser_relay, ${recipient_delimiter} is replaced with the actual
+recipient delimiter that was found in the recipient email address
+(Postfix 2.11 and later), or it is replaced with the main.cf
+recipient_delimiter parameter value (Postfix 2.10 and earlier).
+.PP
+The recipient_delimiter is not applied to the mailer\-daemon
+address, the postmaster address, or the double\-bounce address. With
+the default "owner_request_special = yes" setting, the recipient_delimiter
+is also not applied to addresses with the special "owner\-" prefix
+or the special "\-request" suffix.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+# Handle Postfix\-style extensions.
+recipient_delimiter = +
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+# Handle both Postfix and qmail extensions (Postfix 2.11 and later).
+recipient_delimiter = +\-
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+# Use .forward for mail without address extension, and for mail with
+# an unrecognized address extension.
+forward_path = $home/.forward${recipient_delimiter}${extension},
+ $home/.forward
+.fi
+.ad
+.ft R
+.SH reject_code (default: 554)
+The numerical Postfix SMTP server response code when a remote SMTP
+client request is rejected by the "reject" restriction.
+.PP
+Do not change this unless you have a complete understanding of RFC 5321.
+.SH reject_tempfail_action (default: defer_if_permit)
+The Postfix SMTP server's action when a reject\-type restriction
+fails due to a temporary error condition. Specify "defer" to defer
+the remote SMTP client request immediately. With the default
+"defer_if_permit" action, the Postfix SMTP server continues to look
+for opportunities to reject mail, and defers the client request
+only if it would otherwise be accepted.
+.PP
+For finer control, see: unverified_recipient_tempfail_action,
+unverified_sender_tempfail_action, unknown_address_tempfail_action,
+and unknown_helo_hostname_tempfail_action.
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH relay_clientcerts (default: empty)
+List of tables with remote SMTP client\-certificate fingerprints or
+public key fingerprints (Postfix 2.9 and later) for which the Postfix
+SMTP server will allow access with the permit_tls_clientcerts
+feature. The fingerprint digest algorithm is configurable via the
+smtpd_tls_fingerprint_digest parameter (hard\-coded as md5 prior to
+Postfix version 2.5).
+.PP
+The default algorithm is \fBsha256\fR with Postfix >= 3.6
+and the \fBcompatibility_level\fR set to 3.6 or higher. With Postfix
+<= 3.5, the default algorithm is \fBmd5\fR. The best\-practice
+algorithm is now \fBsha256\fR. Recent advances in hash function
+cryptanalysis have led to md5 and sha1 being deprecated in favor of
+sha256. However, as long as there are no known "second pre\-image"
+attacks against the older algorithms, their use in this context, though
+not recommended, is still likely safe.
+.PP
+Postfix lookup tables are in the form of (key, value) pairs.
+Since we only need the key, the value can be chosen freely, e.g.
+the name of the user or host:
+D7:04:2F:A7:0B:8C:A5:21:FA:31:77:E1:41:8A:EE:80 lutzpc.at.home
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+relay_clientcerts = hash:/etc/postfix/relay_clientcerts
+.fi
+.ad
+.ft R
+.PP
+For more fine\-grained control, use check_ccert_access to select
+an appropriate \fBaccess\fR(5) policy for each client.
+See RESTRICTION_CLASS_README.
+.PP
+This feature is available with Postfix version 2.2.
+.SH relay_destination_concurrency_limit (default: $default_destination_concurrency_limit)
+The maximal number of parallel deliveries to the same destination
+via the relay message delivery transport. This limit is enforced
+by the queue manager. The message delivery transport name is the
+first field in the entry in the master.cf file.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH relay_destination_recipient_limit (default: $default_destination_recipient_limit)
+The maximal number of recipients per message for the relay
+message delivery transport. This limit is enforced by the queue
+manager. The message delivery transport name is the first field in
+the entry in the master.cf file.
+.PP
+Setting this parameter to a value of 1 changes the meaning of
+relay_destination_concurrency_limit from concurrency per domain
+into concurrency per recipient.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH relay_domains (default: Postfix >= 3.0: empty, Postfix < 3.0: $mydestination)
+What destination domains (and subdomains thereof) this system
+will relay mail to. For details about how
+the relay_domains value is used, see the description of the
+permit_auth_destination and reject_unauth_destination SMTP recipient
+restrictions.
+.PP
+Domains that match $relay_domains are delivered with the
+$relay_transport mail delivery transport. The SMTP server validates
+recipient addresses with $relay_recipient_maps and rejects non\-existent
+recipients. See also the relay domains address class in the
+ADDRESS_CLASS_README file.
+.PP
+Note: Postfix will not automatically forward mail for domains
+that list this system as their primary or backup MX host. See the
+permit_mx_backup restriction in the \fBpostconf\fR(5) manual page.
+.PP
+Specify a list of host or domain names, "/file/name" patterns
+or "type:table" lookup tables, separated by commas and/or whitespace.
+Continue long lines by starting the next line with whitespace. A
+"/file/name" pattern is replaced by its contents; a "type:table"
+lookup table is matched when a (parent) domain appears as lookup
+key. Specify "!pattern" to exclude a domain from the list. The form
+"!/file/name" is supported only in Postfix version 2.4 and later.
+.PP
+Pattern matching of domain names is controlled by the presence
+or absence of "relay_domains" in the parent_domain_matches_subdomains
+parameter value.
+.SH relay_domains_reject_code (default: 554)
+The numerical Postfix SMTP server response code when a client
+request is rejected by the reject_unauth_destination recipient
+restriction.
+.PP
+Do not change this unless you have a complete understanding of RFC 5321.
+.SH relay_recipient_maps (default: empty)
+Optional lookup tables with all valid addresses in the domains
+that match $relay_domains. Specify @domain as a wild\-card for
+domains that have no valid recipient list, and become a source of
+backscatter mail: Postfix accepts spam for non\-existent recipients
+and then floods innocent people with undeliverable mail. Technically,
+tables
+listed with $relay_recipient_maps are used as lists: Postfix needs
+to know only if a lookup string is found or not, but it does not
+use the result from the table lookup.
+.PP
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+.PP
+If this parameter is non\-empty, then the Postfix SMTP server will reject
+mail to unknown relay users. This feature is off by default.
+.PP
+See also the relay domains address class in the ADDRESS_CLASS_README
+file.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+relay_recipient_maps = hash:/etc/postfix/relay_recipients
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH relay_transport (default: relay)
+The default mail delivery transport and next\-hop destination for
+remote delivery to domains listed with $relay_domains. In order of
+decreasing precedence, the nexthop destination is taken from
+$relay_transport, $sender_dependent_relayhost_maps, $relayhost, or
+from the recipient domain. This information can be overruled with
+the \fBtransport\fR(5) table.
+.PP
+Specify a string of the form \fItransport:nexthop\fR, where \fItransport\fR
+is the name of a mail delivery transport defined in master.cf.
+The \fI:nexthop\fR destination is optional; its syntax is documented
+in the manual page of the corresponding delivery agent.
+.PP
+See also the relay domains address class in the ADDRESS_CLASS_README
+file.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH relayhost (default: empty)
+The next\-hop destination(s) for non\-local mail; overrides non\-local
+domains in recipient addresses. This information is overruled with
+relay_transport, sender_dependent_default_transport_maps,
+default_transport, sender_dependent_relayhost_maps
+and with the \fBtransport\fR(5) table.
+.PP
+On an intranet, specify the organizational domain name. If your
+internal DNS uses no MX records, specify the name of the intranet
+gateway host instead.
+.PP
+In the case of SMTP or LMTP delivery, specify one or more destinations
+in the form of a domain name, hostname, hostname:port, [hostname]:port,
+[hostaddress] or [hostaddress]:port, separated by comma or whitespace.
+The form [hostname] turns off MX lookups. Multiple destinations are
+supported in Postfix 3.5 and later.
+.PP
+If you're connected via UUCP, see the UUCP_README file for useful
+information.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+relayhost = $mydomain
+relayhost = [gateway.example.com]
+relayhost = mail1.example:587, mail2.example:587
+relayhost = [an.ip.add.ress]
+.fi
+.ad
+.ft R
+.SH relocated_maps (default: empty)
+Optional lookup tables with new contact information for users or
+domains that no longer exist. The table format and lookups are
+documented in \fBrelocated\fR(5).
+.PP
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+.PP
+If you use this feature, run "\fBpostmap /etc/postfix/relocated\fR" to
+build the necessary DBM or DB file after change, then "\fBpostfix
+reload\fR" to make the changes visible.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+relocated_maps = dbm:/etc/postfix/relocated
+relocated_maps = hash:/etc/postfix/relocated
+.fi
+.ad
+.ft R
+.SH remote_header_rewrite_domain (default: empty)
+Rewrite or add message headers in mail from remote clients if
+the remote_header_rewrite_domain parameter value is non\-empty,
+updating incomplete addresses with the domain specified in the
+remote_header_rewrite_domain parameter, and adding missing headers.
+.PP
+The
+local_header_rewrite_clients parameter controls what clients Postfix
+considers local.
+.PP
+Examples:
+.PP
+The safe setting: append "domain.invalid" to incomplete header
+addresses from remote SMTP clients, so that those addresses cannot
+be confused with local addresses.
+.sp
+.in +4
+.nf
+.na
+.ft C
+remote_header_rewrite_domain = domain.invalid
+.fi
+.ad
+.ft R
+.in -4
+.PP
+The default, purist, setting: don't rewrite headers from remote
+clients at all.
+.sp
+.in +4
+.nf
+.na
+.ft C
+remote_header_rewrite_domain =
+.fi
+.ad
+.ft R
+.in -4
+.SH require_home_directory (default: no)
+Require that a \fBlocal\fR(8) recipient's home directory exists
+before mail delivery is attempted. By default this test is disabled.
+It can be useful for environments that import home directories to
+the mail server (IMPORTING HOME DIRECTORIES IS NOT RECOMMENDED).
+.SH reset_owner_alias (default: no)
+Reset the \fBlocal\fR(8) delivery agent's idea of the owner\-alias
+attribute, when delivering mail to a child alias that does not have
+its own owner alias.
+.PP
+This feature is available in Postfix 2.8 and later. With older
+Postfix releases, the behavior is as if this parameter is set to
+"yes".
+.PP
+As documented in \fBaliases\fR(5), when an alias \fIname\fR has a
+companion alias named owner\-\fIname\fR, this will replace the
+envelope sender address, so that delivery errors will be
+reported to the owner alias instead of the sender. This configuration
+is recommended for mailing lists.
+.PP
+A less known property of the owner alias is that it also forces
+the \fBlocal\fR(8) delivery agent to write local and remote addresses
+from alias expansion to a new queue file, instead of attempting to
+deliver mail to local addresses as soon as they come out of alias
+expansion.
+.PP
+Writing local addresses from alias expansion to a new queue
+file allows for robust handling of temporary delivery errors: errors
+with one local member have no effect on deliveries to other members
+of the list. On the other hand, delivery to local addresses as
+soon as they come out of alias expansion is fragile: a temporary
+error with one local address from alias expansion will cause the
+entire alias to be expanded repeatedly until the error goes away,
+or until the message expires in the queue. In that case, a problem
+with one list member results in multiple message deliveries to other
+list members.
+.PP
+The default behavior of Postfix 2.8 and later is to keep the
+owner\-alias attribute of the parent alias, when delivering mail to
+a child alias that does not have its own owner alias. Then, local
+addresses from that child alias will be written to a new queue file,
+and a temporary error with one local address will not affect delivery
+to other mailing list members.
+.PP
+Unfortunately, older Postfix releases reset the owner\-alias
+attribute when delivering mail to a child alias that does not have
+its own owner alias. To be precise, this resets only the decision
+to create a new queue file, not the decision to override the envelope
+sender address. The \fBlocal\fR(8) delivery agent then attempts to
+deliver local addresses as soon as they come out of child alias
+expansion. If delivery to any address from child alias expansion
+fails with a temporary error condition, the entire mailing list may
+be expanded repeatedly until the mail expires in the queue, resulting
+in multiple deliveries of the same message to mailing list members.
+.SH resolve_dequoted_address (default: yes)
+Resolve a recipient address safely instead of correctly, by
+looking inside quotes.
+.PP
+By default, the Postfix address resolver does not quote the
+address localpart as per RFC 822, so that additional @ or % or !
+operators remain visible. This behavior is safe but it is also
+technically incorrect.
+.PP
+If you specify "resolve_dequoted_address = no", then
+the Postfix
+resolver will not know about additional @ etc. operators in the
+address localpart. This opens opportunities for obscure mail relay
+attacks with user@domain@domain addresses when Postfix provides
+backup MX service for Sendmail systems.
+.SH resolve_null_domain (default: no)
+Resolve an address that ends in the "@" null domain as if the
+local hostname were specified, instead of rejecting the address as
+invalid.
+.PP
+This feature is available in Postfix 2.1 and later.
+Earlier versions always resolve the null domain as the local
+hostname.
+.PP
+The Postfix SMTP server uses this feature to reject mail from
+or to addresses that end in the "@" null domain, and from addresses
+that rewrite into a form that ends in the "@" null domain.
+.SH resolve_numeric_domain (default: no)
+Resolve "user@ipaddress" as "user@[ipaddress]", instead of
+rejecting the address as invalid.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH respectful_logging (default: see 'postconf \-d' output)
+Avoid logging that implies white is better than black. Instead
+use 'allowlist', 'denylist', and variations of those words.
+.PP
+This feature is available in Postfix 3.6 and later.
+.SH rewrite_service_name (default: rewrite)
+The name of the address rewriting service. This service rewrites
+addresses to standard form and resolves them to a (delivery method,
+next\-hop host, recipient) triple.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH sample_directory (default: /etc/postfix)
+The name of the directory with example Postfix configuration files.
+Starting with Postfix 2.1, these files have been replaced with the
+\fBpostconf\fR(5) manual page.
+.SH send_cyrus_sasl_authzid (default: no)
+When authenticating to a remote SMTP or LMTP server with the
+default setting "no", send no SASL authoriZation ID (authzid); send
+only the SASL authentiCation ID (authcid) plus the authcid's password.
+.PP
+The non\-default setting "yes" enables the behavior of older
+Postfix versions. These always send a SASL authzid that is equal
+to the SASL authcid, but this causes interoperability problems
+with some SMTP servers.
+.PP
+This feature is available in Postfix 2.4.4 and later.
+.SH sender_based_routing (default: no)
+This parameter should not be used. It was replaced by sender_dependent_relayhost_maps
+in Postfix version 2.3.
+.SH sender_bcc_maps (default: empty)
+Optional BCC (blind carbon\-copy) address lookup tables, indexed
+by envelope sender address. The BCC address (multiple results are not
+supported) is added when mail enters from outside of Postfix.
+.PP
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+.PP
+The table search order is as follows:
+.IP \(bu
+Look up the "user+extension@domain.tld" address including the
+optional address extension.
+.IP \(bu
+Look up the "user@domain.tld" address without the optional
+address extension.
+.IP \(bu
+Look up the "user+extension" address local part when the
+sender domain equals $myorigin, $mydestination, $inet_interfaces
+or $proxy_interfaces.
+.IP \(bu
+Look up the "user" address local part when the sender domain
+equals $myorigin, $mydestination, $inet_interfaces or $proxy_interfaces.
+.IP \(bu
+Look up the "@domain.tld" part.
+.br
+.PP
+Note: with Postfix 2.3 and later the BCC address is added as if it
+was specified with NOTIFY=NONE. The sender will not be notified
+when the BCC address is undeliverable, as long as all down\-stream
+software implements RFC 3461.
+.PP
+Note: with Postfix 2.2 and earlier the sender will be notified
+when the BCC address is undeliverable.
+.PP
+Note: automatic BCC recipients are produced only for new mail.
+To avoid mailer loops, automatic BCC recipients are not generated
+after Postfix forwards mail internally, or after Postfix generates
+mail itself.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+sender_bcc_maps = hash:/etc/postfix/sender_bcc
+.fi
+.ad
+.ft R
+.PP
+After a change, run "\fBpostmap /etc/postfix/sender_bcc\fR".
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH sender_canonical_classes (default: envelope_sender, header_sender)
+What addresses are subject to sender_canonical_maps address
+mapping. By default, sender_canonical_maps address mapping is
+applied to envelope sender addresses, and to header sender addresses.
+.PP
+Specify one or more of: envelope_sender, header_sender
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH sender_canonical_maps (default: empty)
+Optional address mapping lookup tables for envelope and header
+sender addresses.
+The table format and lookups are documented in \fBcanonical\fR(5).
+.PP
+Example: you want to rewrite the SENDER address "user@ugly.example"
+to "user@pretty.example", while still being able to send mail to
+the RECIPIENT address "user@ugly.example".
+.PP
+Note: $sender_canonical_maps is processed before $canonical_maps.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+sender_canonical_maps = hash:/etc/postfix/sender_canonical
+.fi
+.ad
+.ft R
+.SH sender_dependent_default_transport_maps (default: empty)
+A sender\-dependent override for the global default_transport
+parameter setting. The tables are searched by the envelope sender
+address and @domain. A lookup result of DUNNO terminates the search
+without overriding the global default_transport parameter setting.
+This information is overruled with the \fBtransport\fR(5) table.
+.PP
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+.PP
+Note: this overrides default_transport, not transport_maps, and
+therefore the expected syntax is that of default_transport, not the
+syntax of transport_maps. Specifically, this does not support the
+transport_maps syntax for null transport, null nexthop, or null
+email addresses.
+.PP
+For safety reasons, this feature does not allow $number
+substitutions in regular expression maps.
+.PP
+This feature is available in Postfix 2.7 and later.
+.SH sender_dependent_relayhost_maps (default: empty)
+A sender\-dependent override for the global relayhost parameter
+setting. The tables are searched by the envelope sender address and
+@domain. A lookup result of DUNNO terminates the search without
+overriding the global relayhost parameter setting (Postfix 2.6 and
+later). This information is overruled with relay_transport,
+sender_dependent_default_transport_maps, default_transport and with
+the \fBtransport\fR(5) table.
+.PP
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+.PP
+For safety reasons, this feature does not allow $number
+substitutions in regular expression maps.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH sendmail_fix_line_endings (default: always)
+Controls how the Postfix sendmail command converts email message
+line endings from <CR><LF> into UNIX format (<LF>).
+.IP "\fBalways\fR"
+Always convert message lines ending
+in <CR><LF>. This setting is the default with Postfix
+2.9 and later.
+.br
+.IP "\fBstrict\fR"
+Convert message lines ending in
+<CR><LF> only if the first input line ends in
+<CR><LF>. This setting is backwards\-compatible with
+Postfix 2.8 and earlier.
+.br
+.IP "\fBnever\fR"
+Never convert message lines ending in
+<CR><LF>. This setting exists for completeness only.
+.br
+.br
+.PP
+This feature is available in Postfix 2.9 and later.
+.SH sendmail_path (default: see "postconf \-d" output)
+A Sendmail compatibility feature that specifies the location of
+the Postfix \fBsendmail\fR(1) command. This command can be used to
+submit mail into the Postfix queue.
+.SH service_name (read\-only)
+The master.cf service name of a Postfix daemon process. This
+can be used to distinguish the logging from different services that
+use the same program name.
+.PP
+Example master.cf entries:
+.PP
+.nf
+.na
+.ft C
+# Distinguish inbound MTA logging from submission and smtps logging.
+smtp inet n \- n \- \- smtpd
+submission inet n \- n \- \- smtpd
+ \-o syslog_name=postfix/$service_name
+smtps inet n \- n \- \- smtpd
+ \-o syslog_name=postfix/$service_name
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+# Distinguish outbound MTA logging from inbound relay logging.
+smtp unix \- \- n \- \- smtp
+relay unix \- \- n \- \- smtp
+ \-o syslog_name=postfix/$service_name
+.fi
+.ad
+.ft R
+.SH service_throttle_time (default: 60s)
+How long the Postfix \fBmaster\fR(8) waits before forking a server that
+appears to be malfunctioning.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH setgid_group (default: postdrop)
+The group ownership of set\-gid Postfix commands and of group\-writable
+Postfix directories. When this parameter value is changed you need
+to re\-run "\fBpostfix set\-permissions\fR" (with Postfix version 2.0 and
+earlier: "\fB/etc/postfix/post\-install set\-permissions\fR".
+.SH shlib_directory (default: see 'postconf \-d' output)
+The location of Postfix dynamically\-linked libraries
+(libpostfix\-*.so), and the default location of Postfix database
+plugins (postfix\-*.so) that have a relative pathname in the
+dynamicmaps.cf file. The shlib_directory parameter defaults to
+"no" when Postfix dynamically\-linked libraries and database plugins
+are disabled at compile time, otherwise it typically defaults to
+/usr/lib/postfix or /usr/local/lib/postfix.
+.PP
+Notes:
+.IP \(bu
+The directory specified with shlib_directory should contain
+only Postfix\-related files. Postfix dynamically\-linked libraries
+and database plugins should not be installed in a "public" system
+directory such as /usr/lib or /usr/local/lib. Linking Postfix
+dynamically\-linked library files or database plugins into non\-Postfix
+programs is not supported. Postfix dynamically\-linked libraries
+and database plugins implement a Postfix\-internal API that changes
+without maintaining compatibility.
+.IP \(bu
+You can change the shlib_directory value after Postfix is
+built. However, you may have to run ldconfig or equivalent to prevent
+Postfix programs from failing because the libpostfix\-*.so files are
+not found. No ldconfig command is needed if you keep the libpostfix\-*.so
+files in the compiled\-in default $shlib_directory location.
+.br
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH show_user_unknown_table_name (default: yes)
+Display the name of the recipient table in the "User unknown"
+responses. The extra detail makes troubleshooting easier but also
+reveals information that is nobody else's business.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH showq_service_name (default: showq)
+The name of the \fBshowq\fR(8) service. This service produces mail queue
+status reports.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH smtp_address_preference (default: any)
+The address type ("ipv6", "ipv4" or "any") that the Postfix
+SMTP client will try first, when a destination has IPv6 and IPv4
+addresses with equal MX preference. This feature has no effect
+unless the inet_protocols setting enables both IPv4 and IPv6.
+.PP
+Postfix SMTP client address preference has evolved. With Postfix
+2.8 the default is "ipv6"; earlier implementations are hard\-coded
+to prefer IPv6 over IPv4.
+.PP
+Notes for mail delivery between sites that have both IPv4 and
+IPv6 connectivity:
+.IP \(bu
+The setting "smtp_address_preference = ipv6" is unsafe.
+It can fail to deliver mail when there is an outage that affects
+IPv6, while the destination is still reachable over IPv4.
+.IP \(bu
+The setting "smtp_address_preference = any" is safe. With
+this, mail will eventually be delivered even if there is an outage
+that affects IPv6 or IPv4, as long as it does not affect both.
+.br
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH smtp_address_verify_target (default: rcpt)
+In the context of email address verification, the SMTP protocol
+stage that determines whether an email address is deliverable.
+Specify one of "rcpt" or "data". The latter is needed with remote
+SMTP servers that reject recipients after the DATA command. Use
+transport_maps to apply this feature selectively:
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ transport_maps = hash:/etc/postfix/transport
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/transport:
+ smtp\-domain\-that\-verifies\-after\-data smtp\-data\-target:
+ lmtp\-domain\-that\-verifies\-after\-data lmtp\-data\-target:
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/master.cf:
+ smtp\-data\-target unix \- \- n \- \- smtp
+ \-o smtp_address_verify_target=data
+ lmtp\-data\-target unix \- \- n \- \- lmtp
+ \-o lmtp_address_verify_target=data
+.fi
+.ad
+.ft R
+.in -4
+.PP
+Unselective use of the "data" target does no harm, but will
+result in unnecessary "lost connection after DATA" events at remote
+SMTP/LMTP servers.
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH smtp_always_send_ehlo (default: yes)
+Always send EHLO at the start of an SMTP session.
+.PP
+With "smtp_always_send_ehlo = no", the Postfix SMTP client sends
+EHLO only when
+the word "ESMTP" appears in the server greeting banner (example:
+220 spike.porcupine.org ESMTP Postfix).
+.SH smtp_balance_inet_protocols (default: yes)
+When a remote destination resolves to a combination of IPv4 and
+IPv6 addresses, ensure that the Postfix SMTP client can try both
+address types before it runs into the smtp_mx_address_limit.
+.PP
+This avoids an interoperability problem when a destination resolves
+to primarily IPv6 addresses, the smtp_address_limit feature eliminates
+most or all IPv4 addresses, and the destination is not reachable over
+IPv6.
+.PP
+This feature is available in Postfix 3.3 and later.
+.SH smtp_bind_address (default: empty)
+An optional numerical network address that the Postfix SMTP client
+should bind to when making an IPv4 connection.
+.PP
+This can be specified in the main.cf file for all SMTP clients, or
+it can be specified in the master.cf file for a specific client,
+for example:
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/master.cf:
+ smtp ... smtp \-o smtp_bind_address=11.22.33.44
+.fi
+.ad
+.ft R
+.in -4
+.PP
+See smtp_bind_address_enforce for how Postfix should handle
+errors (Postfix 3.7 and later).
+.PP
+Note 1: when inet_interfaces specifies no more than one IPv4
+address, and that address is a non\-loopback address, it is
+automatically used as the smtp_bind_address. This supports virtual
+IP hosting, but can be a problem on multi\-homed firewalls. See the
+inet_interfaces documentation for more detail.
+.PP
+Note 2: address information may be enclosed inside [],
+but this form is not required here.
+.SH smtp_bind_address6 (default: empty)
+An optional numerical network address that the Postfix SMTP client
+should bind to when making an IPv6 connection.
+.PP
+This feature is available in Postfix 2.2 and later.
+.PP
+This can be specified in the main.cf file for all SMTP clients, or
+it can be specified in the master.cf file for a specific client,
+for example:
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/master.cf:
+ smtp ... smtp \-o smtp_bind_address6=1:2:3:4:5:6:7:8
+.fi
+.ad
+.ft R
+.in -4
+.PP
+See smtp_bind_address_enforce for how Postfix should handle
+errors (Postfix 3.7 and later).
+.PP
+Note 1: when inet_interfaces specifies no more than one IPv6
+address, and that address is a non\-loopback address, it is
+automatically used as the smtp_bind_address6. This supports virtual
+IP hosting, but can be a problem on multi\-homed firewalls. See the
+inet_interfaces documentation for more detail.
+.PP
+Note 2: address information may be enclosed inside [],
+but this form is not recommended here.
+.SH smtp_bind_address_enforce (default: no)
+Defer delivery when the Postfix SMTP client cannot apply the
+smtp_bind_address or smtp_bind_address6 setting. By default, the
+Postfix SMTP client will continue delivery after logging a warning.
+.PP
+This feature is available in Postfix 3.7 and later.
+.SH smtp_body_checks (default: empty)
+Restricted \fBbody_checks\fR(5) tables for the Postfix SMTP client.
+These tables are searched while mail is being delivered. Actions
+that change the delivery time or destination are not available.
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH smtp_cname_overrides_servername (default: version dependent)
+When the remote SMTP servername is a DNS CNAME, replace the
+servername with the result from CNAME expansion for the purpose of
+logging, SASL password lookup, TLS
+policy decisions, or TLS certificate verification. The value "no"
+hardens Postfix smtp_tls_per_site hostname\-based policies against
+false hostname information in DNS CNAME records, and makes SASL
+password file lookups more predictable. This is the default setting
+as of Postfix 2.3.
+.PP
+When DNS CNAME records are validated with secure DNS lookups
+(smtp_dns_support_level = dnssec), they are always allowed to
+override the above servername (Postfix 2.11 and later).
+.PP
+This feature is available in Postfix 2.2.9 and later.
+.SH smtp_connect_timeout (default: 30s)
+The Postfix SMTP client time limit for completing a TCP connection, or
+zero (use the operating system built\-in time limit).
+.PP
+When no connection can be made within the deadline, the Postfix
+SMTP client
+tries the next address on the mail exchanger list. Specify 0 to
+disable the time limit (i.e. use whatever timeout is implemented by
+the operating system).
+.PP
+Specify a non\-negative time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH smtp_connection_cache_destinations (default: empty)
+Permanently enable SMTP connection caching for the specified
+destinations. With SMTP connection caching, a connection is not
+closed immediately after completion of a mail transaction. Instead,
+the connection is kept open for up to $smtp_connection_cache_time_limit
+seconds. This allows connections to be reused for other deliveries,
+and can improve mail delivery performance.
+.PP
+Specify a comma or white space separated list of destinations
+or pseudo\-destinations:
+.IP \(bu
+if mail is sent without a relay host: a domain name (the
+right\-hand side of an email address, without the [] around a numeric
+IP address),
+.IP \(bu
+if mail is sent via a relay host: a relay host name (without
+[] or non\-default TCP port), as specified in main.cf or in the
+transport map,
+.IP \(bu
+if mail is sent via a UNIX\-domain socket: a pathname (without
+the unix: prefix),
+.IP \(bu
+a /file/name with domain names and/or relay host names as
+defined above,
+.IP \(bu
+a "type:table" with domain names and/or relay host names on
+the left\-hand side. The right\-hand side result from "type:table"
+lookups is ignored.
+.br
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtp_connection_cache_on_demand (default: yes)
+Temporarily enable SMTP connection caching while a destination
+has a high volume of mail in the active queue. With SMTP connection
+caching, a connection is not closed immediately after completion
+of a mail transaction. Instead, the connection is kept open for
+up to $smtp_connection_cache_time_limit seconds. This allows
+connections to be reused for other deliveries, and can improve mail
+delivery performance.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtp_connection_cache_time_limit (default: 2s)
+When SMTP connection caching is enabled, the amount of time that
+an unused SMTP client socket is kept open before it is closed. Do
+not specify larger values without permission from the remote sites.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtp_connection_reuse_count_limit (default: 0)
+When SMTP connection caching is enabled, the number of times
+that an SMTP session may be reused before it is closed, or zero (no
+limit). With a reuse count limit of N, a connection is used up to
+N+1 times.
+.PP
+NOTE: This feature is unsafe. When a high\-volume destination
+has multiple inbound MTAs, then the slowest inbound MTA will attract
+the most connections to that destination. This limitation does not
+exist with the smtp_connection_reuse_time_limit feature.
+.PP
+This feature is available in Postfix 2.11.
+.SH smtp_connection_reuse_time_limit (default: 300s)
+The amount of time during which Postfix will use an SMTP
+connection repeatedly. The timer starts when the connection is
+initiated (i.e. it includes the connect, greeting and helo latency,
+in addition to the latencies of subsequent mail delivery transactions).
+.PP
+This feature addresses a performance stability problem with
+remote SMTP servers. This problem is not specific to Postfix: it
+can happen when any MTA sends large amounts of SMTP email to a site
+that has multiple MX hosts.
+.PP
+The problem starts when one of a set of MX hosts becomes slower
+than the rest. Even though SMTP clients connect to fast and slow
+MX hosts with equal probability, the slow MX host ends up with more
+simultaneous inbound connections than the faster MX hosts, because
+the slow MX host needs more time to serve each client request.
+.PP
+The slow MX host becomes a connection attractor. If one MX
+host becomes N times slower than the rest, it dominates mail delivery
+latency unless there are more than N fast MX hosts to counter the
+effect. And if the number of MX hosts is smaller than N, the mail
+delivery latency becomes effectively that of the slowest MX host
+divided by the total number of MX hosts.
+.PP
+The solution uses connection caching in a way that differs from
+Postfix version 2.2. By limiting the amount of time during which a connection
+can be used repeatedly (instead of limiting the number of deliveries
+over that connection), Postfix not only restores fairness in the
+distribution of simultaneous connections across a set of MX hosts,
+it also favors deliveries over connections that perform well, which
+is exactly what we want.
+.PP
+The default reuse time limit, 300s, is comparable to the various
+smtp transaction timeouts which are fair estimates of maximum excess
+latency for a slow delivery. Note that hosts may accept thousands
+of messages over a single connection within the default connection
+reuse time limit. This number is much larger than the default Postfix
+version 2.2 limit of 10 messages per cached connection. It may prove necessary
+to lower the limit to avoid interoperability issues with MTAs that
+exhibit bugs when many messages are delivered via a single connection.
+A lower reuse time limit risks losing the benefit of connection
+reuse when the average connection and mail delivery latency exceeds
+the reuse time limit.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH smtp_data_done_timeout (default: 600s)
+The Postfix SMTP client time limit for sending the SMTP ".", and
+for receiving the remote SMTP server response.
+.PP
+When no response is received within the deadline, a warning is
+logged that the mail may be delivered multiple times.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH smtp_data_init_timeout (default: 120s)
+The Postfix SMTP client time limit for sending the SMTP DATA command,
+and for receiving the remote SMTP server response.
+.PP
+Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH smtp_data_xfer_timeout (default: 180s)
+The Postfix SMTP client time limit for sending the SMTP message content.
+When the connection makes no progress for more than $smtp_data_xfer_timeout
+seconds the Postfix SMTP client terminates the transfer.
+.PP
+Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH smtp_defer_if_no_mx_address_found (default: no)
+Defer mail delivery when no MX record resolves to an IP address.
+.PP
+The default (no) is to return the mail as undeliverable. With older
+Postfix versions the default was to keep trying to deliver the mail
+until someone fixed the MX record or until the mail was too old.
+.PP
+Note: the Postfix SMTP client always ignores MX records with equal
+or worse preference
+than the local MTA itself.
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH smtp_delivery_status_filter (default: $default_delivery_status_filter)
+Optional filter for the \fBsmtp\fR(8) delivery agent to change the
+delivery status code or explanatory text of successful or unsuccessful
+deliveries. See default_delivery_status_filter for details.
+.PP
+NOTE: This feature modifies Postfix SMTP client error or non\-error
+messages that may or may not be derived from remote SMTP server
+responses. In contrast, the smtp_reply_filter feature modifies
+remote SMTP server responses only.
+.SH smtp_destination_concurrency_limit (default: $default_destination_concurrency_limit)
+The maximal number of parallel deliveries to the same destination
+via the smtp message delivery transport. This limit is enforced by
+the queue manager. The message delivery transport name is the first
+field in the entry in the master.cf file.
+.SH smtp_destination_recipient_limit (default: $default_destination_recipient_limit)
+The maximal number of recipients per message for the smtp
+message delivery transport. This limit is enforced by the queue
+manager. The message delivery transport name is the first field in
+the entry in the master.cf file.
+.PP
+Setting this parameter to a value of 1 changes the meaning of
+smtp_destination_concurrency_limit from concurrency per domain
+into concurrency per recipient.
+.SH smtp_discard_ehlo_keyword_address_maps (default: empty)
+Lookup tables, indexed by the remote SMTP server address, with
+case insensitive lists of EHLO keywords (pipelining, starttls, auth,
+etc.) that the Postfix SMTP client will ignore in the EHLO response from a
+remote SMTP server. See smtp_discard_ehlo_keywords for details. The
+table is not indexed by hostname for consistency with
+smtpd_discard_ehlo_keyword_address_maps.
+.PP
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtp_discard_ehlo_keywords (default: empty)
+A case insensitive list of EHLO keywords (pipelining, starttls,
+auth, etc.) that the Postfix SMTP client will ignore in the EHLO
+response from a remote SMTP server.
+.PP
+This feature is available in Postfix 2.2 and later.
+.PP
+Notes:
+.IP \(bu
+Specify the \fBsilent\-discard\fR pseudo keyword to prevent
+this action from being logged.
+.IP \(bu
+Use the smtp_discard_ehlo_keyword_address_maps feature to
+discard EHLO keywords selectively.
+.br
+.SH smtp_dns_reply_filter (default: empty)
+Optional filter for Postfix SMTP client DNS lookup results.
+Specify zero or more lookup tables. The lookup tables are searched
+in the given order for a match with the DNS lookup result, converted
+to the following form:
+.PP
+.nf
+.na
+.ft C
+ \fIname ttl class type preference value\fR
+.fi
+.ad
+.ft R
+.PP
+The \fIclass\fR field is always "IN", the \fIpreference\fR
+field exists only for MX records, the names of hosts, domains, etc.
+end in ".", and those names are in ASCII form (xn\-\-mumble form in
+the case of UTF8 names).
+.PP
+When a match is found, the table lookup result specifies an
+action. By default, the table query and the action name are
+case\-insensitive. Currently, only the \fBIGNORE\fR action is
+implemented.
+.PP
+Notes:
+.IP \(bu
+Postfix DNS reply filters have no effect on implicit DNS
+lookups through nsswitch.conf or equivalent mechanisms.
+.IP \(bu
+The Postfix SMTP/LMTP client uses smtp_dns_reply_filter
+and lmtp_dns_reply_filter only to discover a remote SMTP or LMTP
+service (record types MX, A, AAAA, and TLSA). These lookups are
+also made to implement the features reject_unverified_sender and
+reject_unverified_recipient.
+.IP \(bu
+The Postfix SMTP/LMTP client defers mail delivery when
+a filter removes all lookup results from a successful query.
+.IP \(bu
+Postfix SMTP server uses smtpd_dns_reply_filter only to
+look up MX, A, AAAA, and TXT records to implement the features
+reject_unknown_helo_hostname, reject_unknown_sender_domain,
+reject_unknown_recipient_domain, reject_rbl_*, and reject_rhsbl_*.
+.IP \(bu
+The Postfix SMTP server logs a warning or defers mail
+delivery when a filter removes all lookup results from a successful
+query.
+.br
+.PP
+Example: ignore Google AAAA records in Postfix SMTP client DNS
+lookups, because Google sometimes hard\-rejects mail from IPv6 clients
+with valid PTR etc. records.
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ smtp_dns_reply_filter = pcre:/etc/postfix/smtp_dns_reply_filter
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/smtp_dns_reply_filter:
+ # /domain ttl IN AAAA address/ action, all case\-insensitive.
+ # Note: the domain name ends in ".".
+ /^\eS+\e.google\e.com\e.\es+\eS+\es+\eS+\es+AAAA\es+/ IGNORE
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH smtp_dns_resolver_options (default: empty)
+DNS Resolver options for the Postfix SMTP client. Specify zero
+or more of the following options, separated by comma or whitespace.
+Option names are case\-sensitive. Some options refer to domain names
+that are specified in the file /etc/resolv.conf or equivalent.
+.IP "\fBres_defnames\fR"
+Append the current domain name to single\-component names (those
+that do not contain a "." character). This can produce incorrect
+results, and is the hard\-coded behavior prior to Postfix 2.8.
+.br
+.IP "\fBres_dnsrch\fR"
+Search for host names in the current domain and in parent
+domains. This can produce incorrect results and is therefore not
+recommended.
+.br
+.br
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH smtp_dns_support_level (default: empty)
+Level of DNS support in the Postfix SMTP client. With
+"smtp_dns_support_level" left at its empty default value, the legacy
+"disable_dns_lookups" parameter controls whether DNS is enabled in
+the Postfix SMTP client, otherwise the legacy parameter is ignored.
+.PP
+Specify one of the following:
+.IP "\fBdisabled\fR"
+Disable DNS lookups. No MX lookups are performed and hostname
+to address lookups are unconditionally "native". This setting is
+not appropriate for hosts that deliver mail to the public Internet.
+Some obsolete how\-to documents recommend disabling DNS lookups in
+some configurations with content_filters. This is no longer required
+and strongly discouraged.
+.br
+.IP "\fBenabled\fR"
+Enable DNS lookups. Nexthop destination domains not enclosed
+in "[]" will be subject to MX lookups. If "dns" and "native" are
+included in the "smtp_host_lookup" parameter value, DNS will be
+queried first to resolve MX\-host A records, followed by "native"
+lookups if no answer is found in DNS.
+.br
+.IP "\fBdnssec\fR"
+Enable DNSSEC
+lookups. The "dnssec" setting differs from the "enabled" setting
+above in the following ways:
+.IP \(bu
+Any MX lookups will set
+RES_USE_DNSSEC and RES_USE_EDNS0 to request DNSSEC\-validated
+responses. If the MX response is DNSSEC\-validated the corresponding
+hostnames are considered validated.
+.IP \(bu
+The address lookups of
+validated hostnames are also validated, (provided of course
+"smtp_host_lookup" includes "dns", see below).
+.IP \(bu
+Temporary
+failures in DNSSEC\-enabled hostname\-to\-address resolution block any
+"native" lookups. Additional "native" lookups only happen when
+DNSSEC lookups hard\-fail (NODATA or NXDOMAIN).
+.br
+.br
+.br
+.PP
+The Postfix SMTP client considers non\-MX "[nexthop]" and
+"[nexthop]:port" destinations equivalent to statically\-validated
+MX records of the form "nexthop. IN MX 0 nexthop." Therefore,
+with "dnssec" support turned on, validated hostname\-to\-address
+lookups apply to the nexthop domain of any "[nexthop]" or
+"[nexthop]:port" destination. This is also true for LMTP "inet:host"
+and "inet:host:port" destinations, as LMTP hostnames are never
+subject to MX lookups.
+.PP
+The "dnssec" setting is recommended only if you plan to use the
+dane or dane\-only TLS security
+level, otherwise enabling DNSSEC support in Postfix offers no
+additional security. Postfix DNSSEC support relies on an upstream
+recursive nameserver that validates DNSSEC signatures. Such a DNS
+server will always filter out forged DNS responses, even when Postfix
+itself is not configured to use DNSSEC.
+.PP
+When using Postfix DANE support the "smtp_host_lookup" parameter
+should include "dns", as DANE is not applicable
+to hosts resolved via "native" lookups.
+.PP
+As mentioned above, Postfix is not a validating stub
+resolver; it relies on the system's configured DNSSEC\-validating
+recursive
+nameserver to perform all DNSSEC validation. Since this
+nameserver's DNSSEC\-validated responses will be fully trusted, it
+is strongly recommended that the MTA host have a local DNSSEC\-validating
+recursive caching nameserver listening on a loopback address, and
+be configured to use only this nameserver for all lookups. Otherwise,
+Postfix may remain subject to man\-in\-the\-middle attacks that forge
+responses from the recursive nameserver
+.PP
+DNSSEC support requires a version of Postfix compiled against a
+reasonably\-modern DNS \fBresolver\fR(3) library that implements the
+RES_USE_DNSSEC and RES_USE_EDNS0 resolver options.
+.PP
+This feature is available in Postfix 2.11 and later.
+.SH smtp_enforce_tls (default: no)
+Enforcement mode: require that remote SMTP servers use TLS
+encryption, and never send mail in the clear. This also requires
+that the remote SMTP server hostname matches the information in
+the remote server certificate, and that the remote SMTP server
+certificate was issued by a CA that is trusted by the Postfix SMTP
+client. If the certificate doesn't verify or the hostname doesn't
+match, delivery is deferred and mail stays in the queue.
+.PP
+The server hostname is matched against all names provided as
+dNSNames in the SubjectAlternativeName. If no dNSNames are specified,
+the CommonName is checked. The behavior may be changed with the
+smtp_tls_enforce_peername option.
+.PP
+This option is useful only if you are definitely sure that you
+will only connect to servers that support RFC 2487 _and_ that
+provide valid server certificates. Typical use is for clients that
+send all their email to a dedicated mailhub.
+.PP
+This feature is available in Postfix 2.2 and later. With
+Postfix 2.3 and later use smtp_tls_security_level instead.
+.SH smtp_fallback_relay (default: $fallback_relay)
+Optional list of relay destinations that will be used when an
+SMTP destination is not found, or when delivery fails due to a
+non\-permanent error. With Postfix 2.2 and earlier this parameter
+is called fallback_relay.
+.PP
+By default, smtp_fallback_relay is empty, mail is returned to
+the sender when a destination is not found, and delivery is deferred
+after it fails due to a non\-permanent error.
+.PP
+With bulk email deliveries, it can be beneficial to run the
+fallback relay MTA on the same host, so that it can reuse the sender
+IP address. This speeds up deliveries that are delayed by IP\-based
+reputation systems (greylist, etc.).
+.PP
+The fallback relays must be SMTP destinations. Specify a domain,
+host, host:port, [host]:port, [address] or [address]:port; the form
+[host] turns off MX lookups. If you specify multiple SMTP
+destinations, Postfix will try them in the specified order.
+.PP
+To prevent mailer loops between MX hosts and fall\-back hosts,
+Postfix version 2.2 and later will not use the fallback relays for
+destinations that it is MX host for (assuming DNS lookup is turned on).
+.SH smtp_generic_maps (default: empty)
+Optional lookup tables that perform address rewriting in the
+Postfix SMTP client, typically to transform a locally valid address into
+a globally valid address when sending mail across the Internet.
+This is needed when the local machine does not have its own Internet
+domain name, but uses something like \fIlocaldomain.local\fR
+instead.
+.PP
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+.PP
+The table format and lookups are documented in \fBgeneric\fR(5);
+examples are shown in the ADDRESS_REWRITING_README and
+STANDARD_CONFIGURATION_README documents.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtp_header_checks (default: empty)
+Restricted \fBheader_checks\fR(5) tables for the Postfix SMTP client.
+These tables are searched while mail is being delivered. Actions
+that change the delivery time or destination are not available.
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH smtp_helo_name (default: $myhostname)
+The hostname to send in the SMTP HELO or EHLO command.
+.PP
+The default value is the machine hostname. Specify a hostname or
+[ip.add.re.ss].
+.PP
+This information can be specified in the main.cf file for all SMTP
+clients, or it can be specified in the master.cf file for a specific
+client, for example:
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/master.cf:
+ mysmtp ... smtp \-o smtp_helo_name=foo.bar.com
+.fi
+.ad
+.ft R
+.in -4
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH smtp_helo_timeout (default: 300s)
+The Postfix SMTP client time limit for sending the HELO or EHLO command,
+and for receiving the initial remote SMTP server response.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH smtp_host_lookup (default: dns)
+What mechanisms the Postfix SMTP client uses to look up a host's
+IP address. This parameter is ignored when DNS lookups are disabled
+(see: disable_dns_lookups and smtp_dns_support_level). The "dns"
+mechanism is always tried before "native" if both are listed.
+.PP
+Specify one of the following:
+.IP "\fBdns\fR"
+Hosts can be found in the DNS (preferred).
+.br
+.IP "\fBnative\fR"
+Use the native naming service only (nsswitch.conf, or equivalent
+mechanism).
+.br
+.IP "\fBdns, native\fR"
+Use the native service for hosts not found in the DNS.
+.br
+.br
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH smtp_line_length_limit (default: 998)
+The maximal length of message header and body lines that Postfix
+will send via SMTP. This limit does not include the <CR><LF>
+at the end of each line. Longer lines are broken by inserting
+"<CR><LF><SPACE>", to minimize the damage to MIME
+formatted mail. Specify zero to disable this limit.
+.PP
+The Postfix limit of 998 characters not including <CR><LF>
+is consistent with the SMTP limit of 1000 characters including
+<CR><LF>. The Postfix limit was 990 with Postfix 2.8
+and earlier.
+.SH smtp_mail_timeout (default: 300s)
+The Postfix SMTP client time limit for sending the MAIL FROM command,
+and for receiving the remote SMTP server response.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH smtp_mime_header_checks (default: empty)
+Restricted \fBmime_header_checks\fR(5) tables for the Postfix SMTP
+client. These tables are searched while mail is being delivered.
+Actions that change the delivery time or destination are not
+available.
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH smtp_min_data_rate (default: 500)
+The minimum plaintext data transfer rate in bytes/second for
+DATA requests, when deadlines are enabled with smtp_per_request_deadline.
+After a write operation transfers N plaintext message bytes (possibly
+after TLS encryption), and after the DATA request deadline is
+decremented by the elapsed time of that write operation, the DATA
+request deadline is incremented by N/smtp_min_data_rate seconds.
+However, the deadline will never be incremented beyond the time
+limit specified with smtp_data_xfer_timeout.
+.PP
+This feature is available in Postfix 3.7 and later.
+.SH smtp_mx_address_limit (default: 5)
+The maximal number of MX (mail exchanger) IP addresses that can
+result from Postfix SMTP client mail exchanger lookups, or zero (no
+limit). Prior to
+Postfix version 2.3, this limit was disabled by default.
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH smtp_mx_session_limit (default: 2)
+The maximal number of SMTP sessions per delivery request before
+the Postfix SMTP client
+gives up or delivers to a fall\-back relay host, or zero (no
+limit). This restriction ignores sessions that fail to complete the
+SMTP initial handshake (Postfix version 2.2 and earlier) or that fail to
+complete the EHLO and TLS handshake (Postfix version 2.3 and later).
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH smtp_nested_header_checks (default: empty)
+Restricted \fBnested_header_checks\fR(5) tables for the Postfix SMTP
+client. These tables are searched while mail is being delivered.
+Actions that change the delivery time or destination are not
+available.
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH smtp_never_send_ehlo (default: no)
+Never send EHLO at the start of an SMTP session. See also the
+smtp_always_send_ehlo parameter.
+.SH smtp_per_record_deadline (default: no)
+Change the behavior of the smtp_*_timeout time limits, from a
+time limit per read or write system call, to a time limit to send
+or receive a complete record (an SMTP command line, SMTP response
+line, SMTP message content line, or TLS protocol message). This
+limits the impact from hostile peers that trickle data one byte at
+a time.
+.PP
+Note: when per\-record deadlines are enabled, a short timeout
+may cause problems with TLS over very slow network connections.
+The reasons are that a TLS protocol message can be up to 16 kbytes
+long (with TLSv1), and that an entire TLS protocol message must be
+sent or received within the per\-record deadline.
+.PP
+This feature is available in Postfix 2.9\-3.6. With older
+Postfix releases, the behavior is as if this parameter is set to
+"no". Postfix 3.7 and later use smtp_per_request_deadline.
+.SH smtp_per_request_deadline (default: no)
+Change the behavior of the smtp_*_timeout time limits, from a
+time limit per plaintext or TLS read or write call, to a combined
+time limit for sending a complete SMTP request and for receiving a
+complete SMTP response. The deadline limits only the time spent
+waiting for plaintext or TLS read or write calls, not time spent
+elsewhere. The per\-request deadline limits the impact from hostile
+peers that trickle data one byte at a time.
+.PP
+See smtp_min_data_rate for how the per\-request deadline is
+managed during the DATA phase.
+.PP
+Note: when per\-request deadlines are enabled, a short time limit
+may cause problems with TLS over very slow network connections. The
+reason is that a TLS protocol message can be up to 16 kbytes long
+(with TLSv1), and that an entire TLS protocol message must be
+transferred within the per\-request deadline.
+.PP
+This feature is available in Postfix 3.7 and later. A weaker
+feature, called smtp_per_record_deadline, is available with Postfix
+2.9\-3.6.
+.PP
+This feature is available in Postfix 3.7 and later.
+.SH smtp_pix_workaround_delay_time (default: 10s)
+How long the Postfix SMTP client pauses before sending
+".<CR><LF>" in order to work around the PIX firewall
+"<CR><LF>.<CR><LF>" bug.
+.PP
+Choosing too short a time makes this workaround ineffective when
+sending large messages over slow network connections.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH smtp_pix_workaround_maps (default: empty)
+Lookup tables, indexed by the remote SMTP server address, with
+per\-destination workarounds for CISCO PIX firewall bugs. The table
+is not indexed by hostname for consistency with
+smtp_discard_ehlo_keyword_address_maps.
+.PP
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+.PP
+This feature is available in Postfix 2.4 and later.
+.SH smtp_pix_workaround_threshold_time (default: 500s)
+How long a message must be queued before the Postfix SMTP client
+turns on the PIX firewall "<CR><LF>.<CR><LF>"
+bug workaround for delivery through firewalls with "smtp fixup"
+mode turned on.
+.PP
+Specify a non\-negative time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+By default, the workaround is turned off for mail that is queued
+for less than 500 seconds. In other words, the workaround is normally
+turned off for the first delivery attempt.
+.PP
+Specify 0 to enable the PIX firewall
+"<CR><LF>.<CR><LF>" bug workaround upon the
+first delivery attempt.
+.SH smtp_pix_workarounds (default: disable_esmtp, delay_dotcrlf)
+A list that specifies zero or more workarounds for CISCO PIX
+firewall bugs. These workarounds are implemented by the Postfix
+SMTP client. Workaround names are separated by comma or space, and
+are case insensitive. This parameter setting can be overruled with
+per\-destination smtp_pix_workaround_maps settings.
+.IP "\fBdelay_dotcrlf\fR
+Insert a delay before sending
+".<CR><LF>" after the end of the message content. The
+delay is subject to the smtp_pix_workaround_delay_time and
+smtp_pix_workaround_threshold_time parameter settings.
+.br
+.IP "\fBdisable_esmtp\fR
+Disable all extended SMTP commands:
+send HELO instead of EHLO.
+.br
+.br
+.PP
+This feature is available in Postfix 2.4 and later. The default
+settings are backwards compatible with earlier Postfix versions.
+.SH smtp_quit_timeout (default: 300s)
+The Postfix SMTP client time limit for sending the QUIT command,
+and for receiving the remote SMTP server response.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH smtp_quote_rfc821_envelope (default: yes)
+Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands
+as required
+by RFC 5321. This includes putting quotes around an address localpart
+that ends in ".".
+.PP
+The default is to comply with RFC 5321. If you have to send mail to
+a broken SMTP server, configure a special SMTP client in master.cf:
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/master.cf:
+ broken\-smtp . . . smtp \-o smtp_quote_rfc821_envelope=no
+.fi
+.ad
+.ft R
+.in -4
+.PP
+and route mail for the destination in question to the "broken\-smtp"
+message delivery with a \fBtransport\fR(5) table.
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH smtp_randomize_addresses (default: yes)
+Randomize the order of equal\-preference MX host addresses. This
+is a performance feature of the Postfix SMTP client.
+.SH smtp_rcpt_timeout (default: 300s)
+The Postfix SMTP client time limit for sending the SMTP RCPT TO
+command, and for receiving the remote SMTP server response.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH smtp_reply_filter (default: empty)
+A mechanism to transform replies from remote SMTP servers one
+line at a time. This is a last\-resort tool to work around server
+replies that break interoperability with the Postfix SMTP client.
+Other uses involve fault injection to test Postfix's handling of
+invalid responses.
+.PP
+Notes:
+.IP \(bu
+In the case of a multi\-line reply, the Postfix SMTP client
+uses the final reply line's numerical SMTP reply code and enhanced
+status code.
+.IP \(bu
+The numerical SMTP reply code (XYZ) takes precedence over
+the enhanced status code (X.Y.Z). When the enhanced status code
+initial digit differs from the SMTP reply code initial digit, or
+when no enhanced status code is present, the Postfix SMTP client
+uses a generic enhanced status code (X.0.0) instead.
+.br
+.PP
+Specify the name of a "type:table" lookup table. The search
+string is a single SMTP reply line as received from the remote SMTP
+server, except that the trailing <CR><LF> are removed.
+When the lookup succeeds, the result replaces the single SMTP reply
+line.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ smtp_reply_filter = pcre:/etc/postfix/reply_filter
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/reply_filter:
+ # Transform garbage into "250\-filler..." so that it looks like
+ # one line from a multi\-line reply. It does not matter what we
+ # substitute here as long it has the right syntax. The Postfix
+ # SMTP client will use the final line's numerical SMTP reply
+ # code and enhanced status code.
+ !/^([2\-5][0\-9][0\-9]($|[\- ]))/ 250\-filler for garbage
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.7.
+.SH smtp_rset_timeout (default: 20s)
+The Postfix SMTP client time limit for sending the RSET command,
+and for receiving the remote SMTP server response. The SMTP client
+sends RSET in
+order to finish a recipient address probe, or to verify that a
+cached session is still usable.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH smtp_sasl_auth_cache_name (default: empty)
+An optional table to prevent repeated SASL authentication
+failures with the same remote SMTP server hostname, username and
+password. Each table (key, value) pair contains a server name, a
+username and password, and the full server response. This information
+is stored when a remote SMTP server rejects an authentication attempt
+with a 535 reply code. As long as the smtp_sasl_password_maps
+information does not change, and as long as the smtp_sasl_auth_cache_name
+information does not expire (see smtp_sasl_auth_cache_time) the
+Postfix SMTP client avoids SASL authentication attempts with the
+same server, username and password, and instead bounces or defers
+mail as controlled with the smtp_sasl_auth_soft_bounce configuration
+parameter.
+.PP
+Use a per\-destination delivery concurrency of 1 (for example,
+"smtp_destination_concurrency_limit = 1",
+"relay_destination_concurrency_limit = 1", etc.), otherwise multiple
+delivery agents may experience a login failure at the same time.
+.PP
+The table must be accessed via the proxywrite service, i.e. the
+map name must start with "proxy:". The table should be stored under
+the directory specified with the data_directory parameter.
+.PP
+This feature uses cryptographic hashing to protect plain\-text
+passwords, and requires that Postfix is compiled with TLS support.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtp_sasl_auth_cache_name = proxy:btree:/var/lib/postfix/sasl_auth_cache
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH smtp_sasl_auth_cache_time (default: 90d)
+The maximal age of an smtp_sasl_auth_cache_name entry before it
+is removed.
+.PP
+Specify a non\-negative time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is d (days).
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH smtp_sasl_auth_enable (default: no)
+Enable SASL authentication in the Postfix SMTP client. By default,
+the Postfix SMTP client uses no authentication.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtp_sasl_auth_enable = yes
+.fi
+.ad
+.ft R
+.SH smtp_sasl_auth_soft_bounce (default: yes)
+When a remote SMTP server rejects a SASL authentication request
+with a 535 reply code, defer mail delivery instead of returning
+mail as undeliverable. The latter behavior was hard\-coded prior to
+Postfix version 2.5.
+.PP
+Note: the setting "yes" overrides the global soft_bounce
+parameter, but the setting "no" does not.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+# Default as of Postfix 2.5
+smtp_sasl_auth_soft_bounce = yes
+# The old hard\-coded default
+smtp_sasl_auth_soft_bounce = no
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH smtp_sasl_mechanism_filter (default: empty)
+If non\-empty, a Postfix SMTP client filter for the remote SMTP
+server's list of offered SASL mechanisms. Different client and
+server implementations may support different mechanism lists; by
+default, the Postfix SMTP client will use the intersection of the
+two. smtp_sasl_mechanism_filter specifies an optional third mechanism
+list to intersect with.
+.PP
+Specify mechanism names, "/file/name" patterns or "type:table"
+lookup tables. The right\-hand side result from "type:table" lookups
+is ignored. Specify "!pattern" to exclude a mechanism name from the
+list. The form "!/file/name" is supported only in Postfix version
+2.4 and later.
+.PP
+This feature is available in Postfix 2.2 and later.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+smtp_sasl_mechanism_filter = plain, login
+smtp_sasl_mechanism_filter = /etc/postfix/smtp_mechs
+smtp_sasl_mechanism_filter = !gssapi, !login, static:rest
+.fi
+.ad
+.ft R
+.SH smtp_sasl_password_maps (default: empty)
+Optional Postfix SMTP client lookup tables with one username:password
+entry per sender, remote hostname or next\-hop domain. Per\-sender
+lookup is done only when sender\-dependent authentication is enabled.
+If no username:password entry is found, then the Postfix SMTP client
+will not attempt to authenticate to the remote host.
+.PP
+The Postfix SMTP client opens the lookup table before going to
+chroot jail, so you can leave the password file in /etc/postfix.
+.PP
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+.SH smtp_sasl_path (default: empty)
+Implementation\-specific information that the Postfix SMTP client
+passes through to
+the SASL plug\-in implementation that is selected with
+\fBsmtp_sasl_type\fR. Typically this specifies the name of a
+configuration file or rendezvous point.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH smtp_sasl_security_options (default: noplaintext, noanonymous)
+Postfix SMTP client SASL security options; as of Postfix 2.3
+the list of available
+features depends on the SASL client implementation that is selected
+with \fBsmtp_sasl_type\fR.
+.PP
+The following security features are defined for the \fBcyrus\fR
+client SASL implementation:
+.PP
+Specify zero or more of the following:
+.IP "\fBnoplaintext\fR"
+Disallow methods that use plaintext passwords.
+.br
+.IP "\fBnoactive\fR"
+Disallow methods subject to active (non\-dictionary) attack.
+.br
+.IP "\fBnodictionary\fR"
+Disallow methods subject to passive (dictionary) attack.
+.br
+.IP "\fBnoanonymous\fR"
+Disallow methods that allow anonymous authentication.
+.br
+.IP "\fBmutual_auth\fR"
+Only allow methods that provide mutual authentication (not
+available with SASL version 1).
+.br
+.br
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtp_sasl_security_options = noplaintext
+.fi
+.ad
+.ft R
+.SH smtp_sasl_tls_security_options (default: $smtp_sasl_security_options)
+The SASL authentication security options that the Postfix SMTP
+client uses for TLS encrypted SMTP sessions.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtp_sasl_tls_verified_security_options (default: $smtp_sasl_tls_security_options)
+The SASL authentication security options that the Postfix SMTP
+client uses for TLS encrypted SMTP sessions with a verified server
+certificate.
+.PP
+When mail is sent to the public MX host for the recipient's
+domain, server certificates are by default optional, and delivery
+proceeds even if certificate verification fails. For delivery via
+a submission service that requires SASL authentication, it may be
+appropriate to send plaintext passwords only when the connection
+to the server is strongly encrypted \fBand\fR the server identity
+is verified.
+.PP
+The smtp_sasl_tls_verified_security_options parameter makes it
+possible to only enable plaintext mechanisms when a secure connection
+to the server is available. Submission servers subject to this
+policy must either have verifiable certificates or offer suitable
+non\-plaintext SASL mechanisms.
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH smtp_sasl_type (default: cyrus)
+The SASL plug\-in type that the Postfix SMTP client should use
+for authentication. The available types are listed with the
+"\fBpostconf \-A\fR" command.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH smtp_send_dummy_mail_auth (default: no)
+Whether or not to append the "AUTH=<>" option to the MAIL
+FROM command in SASL\-authenticated SMTP sessions. The default is
+not to send this, to avoid problems with broken remote SMTP servers.
+Before Postfix 2.9 the behavior is as if "smtp_send_dummy_mail_auth
+= yes".
+.PP
+This feature is available in Postfix 2.9 and later.
+.SH smtp_send_xforward_command (default: no)
+Send the non\-standard XFORWARD command when the Postfix SMTP server
+EHLO response announces XFORWARD support.
+.PP
+This allows a Postfix SMTP delivery agent, used for injecting mail
+into
+a content filter, to forward the name, address, protocol and HELO
+name of the original client to the content filter and downstream
+queuing SMTP server. This can produce more useful logging than
+localhost[127.0.0.1] etc.
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH smtp_sender_dependent_authentication (default: no)
+Enable sender\-dependent authentication in the Postfix SMTP client; this is
+available only with SASL authentication, and disables SMTP connection
+caching to ensure that mail from different senders will use the
+appropriate credentials.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH smtp_skip_4xx_greeting (default: yes)
+Skip SMTP servers that greet with a 4XX status code (go away, try
+again later).
+.PP
+By default, the Postfix SMTP client moves on the next mail exchanger.
+Specify
+"smtp_skip_4xx_greeting = no" if Postfix should defer delivery
+immediately.
+.PP
+This feature is available in Postfix 2.0 and earlier.
+Later Postfix versions always skip remote SMTP servers that greet
+with a
+4XX status code.
+.SH smtp_skip_5xx_greeting (default: yes)
+Skip remote SMTP servers that greet with a 5XX status code.
+.PP
+By default, the Postfix SMTP client moves on the next mail
+exchanger. Specify "smtp_skip_5xx_greeting = no" if Postfix should
+bounce the mail immediately. Caution: the latter behavior appears
+to contradict RFC 2821.
+.SH smtp_skip_quit_response (default: yes)
+Do not wait for the response to the SMTP QUIT command.
+.SH smtp_starttls_timeout (default: 300s)
+Time limit for Postfix SMTP client write and read operations
+during TLS startup and shutdown handshake procedures.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtp_tcp_port (default: smtp)
+The default TCP port that the Postfix SMTP client connects to.
+Specify a symbolic name (see \fBservices\fR(5)) or a numeric port.
+.SH smtp_tls_CAfile (default: empty)
+A file containing CA certificates of root CAs trusted to sign
+either remote SMTP server certificates or intermediate CA certificates.
+These are loaded into memory before the \fBsmtp\fR(8) client enters the
+chroot jail. If the number of trusted roots is large, consider using
+smtp_tls_CApath instead, but note that the latter directory must be
+present in the chroot jail if the \fBsmtp\fR(8) client is chrooted. This
+file may also be used to augment the client certificate trust chain,
+but it is best to include all the required certificates directly in
+$smtp_tls_cert_file (or, Postfix >= 3.4 $smtp_tls_chain_files).
+.PP
+Specify "smtp_tls_CAfile = /path/to/system_CA_file" to use
+ONLY the system\-supplied default Certification Authority certificates.
+.PP
+Specify "tls_append_default_CA = no" to prevent Postfix from
+appending the system\-supplied default CAs and trusting third\-party
+certificates.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtp_tls_CAfile = /etc/postfix/CAcert.pem
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtp_tls_CApath (default: empty)
+Directory with PEM format Certification Authority certificates
+that the Postfix SMTP client uses to verify a remote SMTP server
+certificate. Don't forget to create the necessary "hash" links
+with, for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
+.PP
+To use this option in chroot mode, this directory (or a copy)
+must be inside the chroot jail.
+.PP
+Specify "smtp_tls_CApath = /path/to/system_CA_directory" to
+use ONLY the system\-supplied default Certification Authority certificates.
+.PP
+Specify "tls_append_default_CA = no" to prevent Postfix from
+appending the system\-supplied default CAs and trusting third\-party
+certificates.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtp_tls_CApath = /etc/postfix/certs
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtp_tls_block_early_mail_reply (default: no)
+Try to detect a mail hijacking attack based on a TLS protocol
+vulnerability (CVE\-2009\-3555), where an attacker prepends malicious
+HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session.
+The attack would succeed with non\-Postfix SMTP servers that reply
+to the malicious HELO, MAIL, RCPT, DATA commands after negotiating
+the Postfix SMTP client TLS session.
+.PP
+This feature is available in Postfix 2.7.
+.SH smtp_tls_cert_file (default: empty)
+File with the Postfix SMTP client RSA certificate in PEM format.
+This file may also contain the Postfix SMTP client private RSA key, and
+these may be the same as the Postfix SMTP server RSA certificate and key
+file. With Postfix >= 3.4 the preferred way to configure client keys
+and certificates is via the "smtp_tls_chain_files" parameter.
+.PP
+Do not configure client certificates unless you \fBmust\fR present
+client TLS certificates to one or more servers. Client certificates are
+not usually needed, and can cause problems in configurations that work
+well without them. The recommended setting is to let the defaults stand:
+.sp
+.in +4
+.nf
+.na
+.ft C
+smtp_tls_cert_file =
+smtp_tls_key_file =
+smtp_tls_eccert_file =
+smtp_tls_eckey_file =
+# Obsolete DSA parameters
+smtp_tls_dcert_file =
+smtp_tls_dkey_file =
+# Postfix >= 3.4 interface
+smtp_tls_chain_files =
+.fi
+.ad
+.ft R
+.in -4
+.PP
+The best way to use the default settings is to comment out the above
+parameters in main.cf if present.
+.PP
+To enable remote SMTP servers to verify the Postfix SMTP client
+certificate, the issuing CA certificates must be made available to the
+server. You should include the required certificates in the client
+certificate file, the client certificate first, then the issuing
+CA(s) (bottom\-up order).
+.PP
+Example: the certificate for "client.example.com" was issued by
+"intermediate CA" which itself has a certificate issued by "root CA".
+As the "root" super\-user create the client.pem file with:
+.sp
+.in +4
+.nf
+.na
+.ft C
+# \fBumask 077\fR
+# \fBcat client_key.pem client_cert.pem intermediate_CA.pem > chain.pem \fR
+.fi
+.ad
+.ft R
+.in -4
+.PP
+If you also want to verify remote SMTP server certificates issued by
+these CAs, you can add the CA certificates to the smtp_tls_CAfile, in
+which case it is not necessary to have them in the smtp_tls_cert_file,
+smtp_tls_dcert_file (obsolete) or smtp_tls_eccert_file.
+.PP
+A certificate supplied here must be usable as an SSL client certificate
+and hence pass the "openssl verify \-purpose sslclient ..." test.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtp_tls_cert_file = /etc/postfix/chain.pem
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtp_tls_chain_files (default: empty)
+List of one or more PEM files, each holding one or more private keys
+directly followed by a corresponding certificate chain. The file names
+are separated by commas and/or whitespace. This parameter obsoletes the
+legacy algorithm\-specific key and certificate file settings. When this
+parameter is non\-empty, the legacy parameters are ignored, and a warning
+is logged if any are also non\-empty.
+.PP
+With the proliferation of multiple private key algorithms-which,
+as of OpenSSL 1.1.1, include DSA (obsolete), RSA, ECDSA, Ed25519
+and Ed448-it is increasingly impractical to use separate
+parameters to configure the key and certificate chain for each
+algorithm. Therefore, Postfix now supports storing multiple keys and
+corresponding certificate chains in a single file or in a set of files.
+.PP
+Each key must appear \fBimmediately before\fR the corresponding
+certificate, optionally followed by additional issuer certificates that
+complete the certificate chain for that key. When multiple files are
+specified, they are equivalent to a single file that is concatenated
+from those files in the given order. Thus, while a key must always
+precede its certificate and issuer chain, it can be in a separate file,
+so long as that file is listed immediately before the file that holds
+the corresponding certificate chain. Once all the files are
+concatenated, the sequence of PEM objects must be: \fIkey1, cert1,
+[chain1], key2, cert2, [chain2], ..., keyN, certN, [chainN].\fR
+.PP
+Storing the private key in the same file as the corresponding
+certificate is more reliable. With the key and certificate in separate
+files, there is a chance that during key rollover a Postfix process
+might load a private key and certificate from separate files that don't
+match. Various operational errors may even result in a persistent
+broken configuration in which the certificate does not match the private
+key.
+.PP
+The file or files must contain at most one key of each type. If,
+for example, two or more RSA keys and corresponding chains are listed,
+depending on the version of OpenSSL either only the last one will be
+used or a configuration error may be detected. Note that while
+"Ed25519" and "Ed448" are considered separate algorithms, the various
+ECDSA curves (typically one of prime256v1, secp384r1 or secp521r1) are
+considered as different parameters of a single "ECDSA" algorithm, so it
+is not presently possible to configure keys for more than one ECDSA
+curve.
+.PP
+Example (separate files for each key and corresponding certificate chain):
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ smtp_tls_chain_files =
+ ${config_directory}/ed25519.pem,
+ ${config_directory}/ed448.pem,
+ ${config_directory}/rsa.pem
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/ed25519.pem:
+ \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
+ MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+ \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
+ \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+ MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+ ...
+ nC0egv51YPDWxEHom4QA
+ \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/ed448.pem:
+ \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
+ MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+ LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+ \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
+ \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+ MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+ ...
+ pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+ \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/rsa.pem:
+ \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
+ MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+ ...
+ ahQkZ3+krcaJvDSMgvu0tDc=
+ \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
+ \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+ MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+ ...
+ Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+ \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+.fi
+.ad
+.ft R
+.in -4
+.PP
+Example (all keys and certificates in a single file):
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ smtp_tls_chain_files = ${config_directory}/chains.pem
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/chains.pem:
+ \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
+ MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+ \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
+ \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+ MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+ ...
+ nC0egv51YPDWxEHom4QA
+ \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+ \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
+ MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+ LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+ \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
+ \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+ MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+ ...
+ pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+ \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+ \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
+ MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+ ...
+ ahQkZ3+krcaJvDSMgvu0tDc=
+ \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
+ \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+ MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+ ...
+ Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+ \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+.fi
+.ad
+.ft R
+.in -4
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH smtp_tls_cipherlist (default: empty)
+Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
+cipher list. As this feature applies to all TLS security levels, it is easy
+to create interoperability problems by choosing a non\-default cipher
+list. Do not use a non\-default TLS cipher list on hosts that deliver email
+to the public Internet: you will be unable to send email to servers that
+only support the ciphers you exclude. Using a restricted cipher list
+may be more appropriate for an internal MTA, where one can exert some
+control over the TLS software and settings of the peer servers.
+.PP
+\fBNote:\fR do not use "" quotes around the parameter value.
+.PP
+This feature is available in Postfix version 2.2. It is not used with
+Postfix 2.3 and later; use smtp_tls_mandatory_ciphers instead.
+.SH smtp_tls_ciphers (default: medium)
+The minimum TLS cipher grade that the Postfix SMTP client
+will use with opportunistic TLS encryption. Cipher types listed in
+smtp_tls_exclude_ciphers are excluded from the base definition of
+the selected cipher grade. The default value is "medium" for
+Postfix releases after the middle of 2015, "export" for older
+releases.
+.PP
+When TLS is mandatory the cipher grade is chosen via the
+smtp_tls_mandatory_ciphers configuration parameter, see there for syntax
+details. See smtp_tls_policy_maps for information on how to configure
+ciphers on a per\-destination basis.
+.PP
+This feature is available in Postfix 2.6 and later. With earlier Postfix
+releases only the smtp_tls_mandatory_ciphers parameter is implemented,
+and opportunistic TLS always uses "export" or better (i.e. all) ciphers.
+.SH smtp_tls_connection_reuse (default: no)
+Try to make multiple deliveries per TLS\-encrypted connection.
+This uses the \fBtlsproxy\fR(8) service to encrypt an SMTP connection,
+uses the \fBscache\fR(8) service to save that connection, and relies on
+hints from the \fBqmgr\fR(8) daemon.
+.PP
+See "Client\-side
+TLS connection reuse" for background details.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH smtp_tls_dane_insecure_mx_policy (default: see "postconf \-d" output)
+The TLS policy for MX hosts with "secure" TLSA records when the
+nexthop destination security level is \fBdane\fR, but the MX
+record was found via an "insecure" MX lookup. The choices are:
+.IP "\fBmay\fR"
+The TLSA records will be ignored and TLS will be optional. If
+the MX host does not appear to support STARTTLS, or the STARTTLS
+handshake fails, mail may be sent in the clear.
+.br
+.IP "\fBencrypt\fR"
+The TLSA records will signal a requirement to use TLS. While
+TLS encryption will be required, authentication will not be performed.
+.br
+.IP "\fBdane\fR"
+The TLSA records will be used just as with "secure" MX records.
+TLS encryption will be required, and, if at least one of the TLSA
+records is "usable", authentication will be required. When
+authentication succeeds, it will be logged only as "Trusted", not
+"Verified", because the MX host name could have been forged.
+.br
+.br
+The default setting for Postfix >= 3.6 is "dane" with
+"smtp_tls_security_level = dane", otherwise "may". This behavior
+was backported to Postfix versions 3.5.9, 3.4.19, 3.3.16. 3.2.21.
+With earlier Postfix versions the default setting was always "dane".
+.PP
+Though with "insecure" MX records an active attacker can
+compromise SMTP transport security by returning forged MX records,
+such attacks are "tamper\-evident" since any forged MX hostnames
+will be recorded in the mail logs. Attackers who place a high value
+on staying hidden may be deterred from forging MX records.
+.PP
+This feature is available in Postfix 3.1 and later. The \fBmay\fR
+policy is backwards\-compatible with earlier Postfix versions.
+.SH smtp_tls_dcert_file (default: empty)
+File with the Postfix SMTP client DSA certificate in PEM format.
+This file may also contain the Postfix SMTP client private DSA key.
+The DSA algorithm is obsolete and should not be used.
+.PP
+See the discussion under smtp_tls_cert_file for more details.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtp_tls_dcert_file = /etc/postfix/client\-dsa.pem
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtp_tls_dkey_file (default: $smtp_tls_dcert_file)
+File with the Postfix SMTP client DSA private key in PEM format.
+This file may be combined with the Postfix SMTP client DSA certificate
+file specified with $smtp_tls_dcert_file. The DSA algorithm is obsolete
+and should not be used.
+.PP
+The private key must be accessible without a pass\-phrase, i.e. it
+must not be encrypted. File permissions should grant read\-only
+access to the system superuser account ("root"), and no access
+to anyone else.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtp_tls_eccert_file (default: empty)
+File with the Postfix SMTP client ECDSA certificate in PEM format.
+This file may also contain the Postfix SMTP client ECDSA private key.
+With Postfix >= 3.4 the preferred way to configure client keys and
+certificates is via the "smtp_tls_chain_files" parameter.
+.PP
+See the discussion under smtp_tls_cert_file for more details.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtp_tls_eccert_file = /etc/postfix/ecdsa\-ccert.pem
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.6 and later, when Postfix is
+compiled and linked with OpenSSL 1.0.0 or later.
+.SH smtp_tls_eckey_file (default: $smtp_tls_eccert_file)
+File with the Postfix SMTP client ECDSA private key in PEM format.
+This file may be combined with the Postfix SMTP client ECDSA certificate
+file specified with $smtp_tls_eccert_file. With Postfix >= 3.4 the
+preferred way to configure client keys and certificates is via the
+"smtp_tls_chain_files" parameter.
+.PP
+The private key must be accessible without a pass\-phrase, i.e. it
+must not be encrypted. File permissions should grant read\-only
+access to the system superuser account ("root"), and no access
+to anyone else.
+.PP
+This feature is available in Postfix 2.6 and later, when Postfix is
+compiled and linked with OpenSSL 1.0.0 or later.
+.SH smtp_tls_enforce_peername (default: yes)
+With mandatory TLS encryption, require that the remote SMTP
+server hostname matches the information in the remote SMTP server
+certificate. As of RFC 2487 the requirements for hostname checking
+for MTA clients are not specified.
+.PP
+This option can be set to "no" to disable strict peer name
+checking. This setting has no effect on sessions that are controlled
+via the smtp_tls_per_site table.
+.PP
+Disabling the hostname verification can make sense in a closed
+environment where special CAs are created. If not used carefully,
+this option opens the danger of a "man\-in\-the\-middle" attack (the
+CommonName of this attacker will be logged).
+.PP
+This feature is available in Postfix 2.2 and later. With
+Postfix 2.3 and later use smtp_tls_security_level instead.
+.SH smtp_tls_exclude_ciphers (default: empty)
+List of ciphers or cipher types to exclude from the Postfix
+SMTP client cipher
+list at all TLS security levels. This is not an OpenSSL cipherlist, it is
+a simple list separated by whitespace and/or commas. The elements are a
+single cipher, or one or more "+" separated cipher properties, in which
+case only ciphers matching \fBall\fR the properties are excluded.
+.PP
+Examples (some of these will cause problems):
+.sp
+.in +4
+.nf
+.na
+.ft C
+smtp_tls_exclude_ciphers = aNULL
+smtp_tls_exclude_ciphers = MD5, DES
+smtp_tls_exclude_ciphers = DES+MD5
+smtp_tls_exclude_ciphers = AES256\-SHA, DES\-CBC3\-MD5
+smtp_tls_exclude_ciphers = kEDH+aRSA
+.fi
+.ad
+.ft R
+.in -4
+.PP
+The first setting disables anonymous ciphers. The next setting
+disables ciphers that use the MD5 digest algorithm or the (single) DES
+encryption algorithm. The next setting disables ciphers that use MD5 and
+DES together. The next setting disables the two ciphers "AES256\-SHA"
+and "DES\-CBC3\-MD5". The last setting disables ciphers that use "EDH"
+key exchange with RSA authentication.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH smtp_tls_fingerprint_cert_match (default: empty)
+List of acceptable remote SMTP server certificate fingerprints for
+the "fingerprint" TLS security level (\fBsmtp_tls_security_level\fR =
+fingerprint). At this security level, Certification Authorities are not
+used, and certificate expiration times are ignored. Instead, server
+certificates are verified directly via their certificate fingerprint
+or public key fingerprint (Postfix 2.9 and later). The fingerprint
+is a message digest of the server certificate (or public key). The
+digest algorithm is selected via the \fBsmtp_tls_fingerprint_digest\fR
+parameter.
+.PP
+The colons between each pair of nibbles in the fingerprint value
+are optional (Postfix >= 3.6). These were required in earlier
+Postfix releases.
+.PP
+When an \fBsmtp_tls_policy_maps\fR table entry specifies the
+"fingerprint" security level, any "match" attributes in that entry specify
+the list of valid fingerprints for the corresponding destination. Multiple
+fingerprints can be combined with a "|" delimiter in a single match
+attribute, or multiple match attributes can be employed.
+.PP
+Example: Certificate fingerprint verification with internal mailhub.
+Two matching fingerprints are listed. The relayhost may be multiple
+physical hosts behind a load\-balancer, each with its own private/public
+key and self\-signed certificate. Alternatively, a single relayhost may
+be in the process of switching from one set of private/public keys to
+another, and both keys are trusted just prior to the transition.
+.sp
+.in +4
+.nf
+.na
+.ft C
+relayhost = [mailhub.example.com]
+smtp_tls_security_level = fingerprint
+smtp_tls_fingerprint_digest = sha256
+smtp_tls_fingerprint_cert_match =
+ cd:fc:d8:db:f8:c4:82:96:6c:...:28:71:e8:f5:8d:a5:0d:9b:d4:a6
+ dd:5c:ef:f5:c3:bc:64:25:36:...:99:36:06:ce:40:ef:de:2e:ad:a4
+.fi
+.ad
+.ft R
+.in -4
+.PP
+Example: Certificate fingerprint verification with selected destinations.
+As in the example above, we show two matching fingerprints:
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
+ smtp_tls_fingerprint_digest = sha256
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/tls_policy:
+ example.com fingerprint
+ match=51:e9:af:2e:1e:40:1f:...:64:0a:30:35:2d:09:16:31:5a:eb:82:76
+ match=b6:b4:72:34:e2:59:cd:...:c2:ca:63:0d:4d:cc:2c:7d:84:de:e6:2f
+.fi
+.ad
+.ft R
+.in -4
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH smtp_tls_fingerprint_digest (default: see "postconf \-d" output)
+The message digest algorithm used to construct remote SMTP server
+certificate fingerprints. At the "fingerprint" TLS security level
+(\fBsmtp_tls_security_level\fR = fingerprint), the server certificate is
+verified by directly matching its certificate fingerprint or its public
+key fingerprint (Postfix 2.9 and later). The fingerprint is the
+message digest of the server certificate (or its public key)
+using the selected
+algorithm. With a digest algorithm resistant to "second pre\-image"
+attacks, it is not feasible to create a new public key and a matching
+certificate (or public/private key\-pair) that has the same fingerprint.
+.PP
+The default algorithm is \fBsha256\fR with Postfix >= 3.6
+and the \fBcompatibility_level\fR set to 3.6 or higher. With Postfix
+<= 3.5, the default algorithm is \fBmd5\fR.
+.PP
+The best\-practice algorithm is now \fBsha256\fR. Recent advances in hash
+function cryptanalysis have led to md5 and sha1 being deprecated in favor of
+sha256. However, as long as there are no known "second pre\-image" attacks
+against the older algorithms, their use in this context, though not
+recommended, is still likely safe.
+.PP
+While additional digest algorithms are often available with OpenSSL's
+libcrypto, only those used by libssl in SSL cipher suites are available to
+Postfix. You'll likely find support for md5, sha1, sha256 and sha512.
+.PP
+To find the fingerprint of a specific certificate file, with a
+specific digest algorithm, run:
+.sp
+.in +4
+.nf
+.na
+.ft C
+$ openssl x509 \-noout \-fingerprint \-\fIdigest\fR \-in \fIcertfile\fR.pem
+.fi
+.ad
+.ft R
+.in -4
+.PP
+The text to the right of the "=" sign is the desired fingerprint.
+For example:
+.sp
+.in +4
+.nf
+.na
+.ft C
+$ openssl x509 \-noout \-fingerprint \-sha256 \-in cert.pem
+SHA256 Fingerprint=D4:6A:AB:19:24:...:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
+.fi
+.ad
+.ft R
+.in -4
+.PP
+To extract the public key fingerprint from an X.509 certificate,
+you need to extract the public key from the certificate and compute
+the appropriate digest of its DER (ASN.1) encoding. With OpenSSL
+the "\-pubkey" option of the "x509" command extracts the public
+key always in "PEM" format. We pipe the result to another OpenSSL
+command that converts the key to DER and then to the "dgst" command
+to compute the fingerprint.
+.PP
+The actual command to transform the key to DER format depends on the
+version of OpenSSL used. As of OpenSSL 1.0.0, the "pkey" command supports
+all key types.
+.sp
+.in +4
+.nf
+.na
+.ft C
+# OpenSSL >= 1.0 with SHA\-256 fingerprints.
+$ openssl x509 \-in cert.pem \-noout \-pubkey |
+ openssl pkey \-pubin \-outform DER |
+ openssl dgst \-sha256 \-c
+(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:...:fc:09:1a:61:98:b5:bc:7c:60:58
+.fi
+.ad
+.ft R
+.in -4
+.PP
+The Postfix SMTP server and client log the peer (leaf) certificate
+fingerprint and the public key fingerprint when the TLS loglevel is 2 or
+higher.
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH smtp_tls_force_insecure_host_tlsa_lookup (default: no)
+Lookup the associated DANE TLSA RRset even when a hostname is
+not an alias and its address records lie in an unsigned zone. This
+is unlikely to ever yield DNSSEC validated results, since child
+zones of unsigned zones are also unsigned in the absence of DLV or
+locally configured non\-root trust\-anchors. We anticipate that such
+mechanisms will not be used for just the "_tcp" subdomain of a host.
+Suppressing the TLSA RRset lookup reduces latency and avoids potential
+interoperability problems with nameservers for unsigned zones that
+are not prepared to handle the new TLSA RRset.
+.PP
+This feature is available in Postfix 2.11.
+.SH smtp_tls_key_file (default: $smtp_tls_cert_file)
+File with the Postfix SMTP client RSA private key in PEM format.
+This file may be combined with the Postfix SMTP client RSA certificate
+file specified with $smtp_tls_cert_file. With Postfix >= 3.4 the
+preferred way to configure client keys and certificates is via the
+"smtp_tls_chain_files" parameter.
+.PP
+The private key must be accessible without a pass\-phrase, i.e. it
+must not be encrypted. File permissions should grant read\-only
+access to the system superuser account ("root"), and no access
+to anyone else.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtp_tls_key_file = $smtp_tls_cert_file
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtp_tls_loglevel (default: 0)
+Enable additional Postfix SMTP client logging of TLS activity.
+Each logging level also includes the information that is logged at
+a lower logging level.
+.IP ""
+0 Disable logging of TLS activity.
+.br
+.IP ""
+1 Log only a summary message on TLS handshake completion
+- no logging of remote SMTP server certificate trust\-chain
+verification errors if server certificate verification is not required.
+With Postfix 2.8 and earlier, log the summary message and unconditionally
+log trust\-chain verification errors.
+.br
+.IP ""
+2 Also log levels during TLS negotiation.
+.br
+.IP ""
+3 Also log the hexadecimal and ASCII dump of the
+TLS negotiation process.
+.br
+.IP ""
+4 Also log the hexadecimal and ASCII dump of complete
+transmission after STARTTLS.
+.br
+.br
+.PP
+Do not use "smtp_tls_loglevel = 2" or higher except in case of
+problems. Use of loglevel 4 is strongly discouraged.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtp_tls_mandatory_ciphers (default: medium)
+The minimum TLS cipher grade that the Postfix SMTP client will
+use with
+mandatory TLS encryption. The default value "medium" is suitable
+for most destinations with which you may want to enforce TLS, and
+is beyond the reach of today's cryptanalytic methods. See
+smtp_tls_policy_maps for information on how to configure ciphers
+on a per\-destination basis.
+.PP
+The following cipher grades are supported:
+.IP "\fBhigh\fR"
+Enable only "HIGH" grade OpenSSL ciphers. This setting may
+be appropriate when all mandatory TLS destinations (e.g. when all
+mail is routed to a suitably capable relayhost) support at least one
+"HIGH" grade cipher. The underlying cipherlist is specified via the
+tls_high_cipherlist configuration parameter, which you are strongly
+encouraged not to change.
+.br
+.IP "\fBmedium\fR"
+Enable "MEDIUM" grade or better OpenSSL ciphers.
+The underlying cipherlist is specified via the tls_medium_cipherlist
+configuration parameter, which you are strongly encouraged not to change.
+.br
+.IP "\fBnull\fR"
+Enable only the "NULL" OpenSSL ciphers, these provide authentication
+without encryption. This setting is only appropriate in the rare case
+that all servers are prepared to use NULL ciphers (not normally enabled
+in TLS servers). A plausible use\-case is an LMTP server listening on a
+UNIX\-domain socket that is configured to support "NULL" ciphers. The
+underlying cipherlist is specified via the tls_null_cipherlist
+configuration parameter, which you are strongly encouraged not to
+change.
+.br
+.IP "\fBlow\fR"
+Enable "LOW" grade or stronger OpenSSL ciphers. In Postfix
+>= 3.8 this cipher grade is always identical to "medium". Recent
+versions of OpenSSL do not support any "LOW" grade ciphers. In
+earlier Postfix releases the underlying cipherlist was specified
+via the tls_low_cipherlist configuration parameter, which you are
+strongly encouraged not to change. This obsolete cipher grade
+SHOULD NOT be used.
+.br
+.IP "\fBexport\fR"
+Enable "EXPORT" grade or stronger OpenSSL ciphers. In Postfix
+>= 3.8 this cipher grade is always identical to "medium". Recent
+versions of OpenSSL do not support any "EXPORT" grade ciphers. In
+earlier Postfix releases the underlying cipherlist was specified
+via the tls_export_cipherlist configuration parameter, which you are
+strongly encouraged not to change. This obsolete cipher grade
+SHOULD NOT be used.
+.br
+.br
+.PP
+The underlying cipherlists for grades other than "null" include
+anonymous ciphers, but these are automatically filtered out if the
+Postfix SMTP client is configured to verify server certificates.
+You are very unlikely to need to take any steps to exclude anonymous
+ciphers, they are excluded automatically as necessary. If you must
+exclude anonymous ciphers at the "may" or "encrypt" security levels,
+when the Postfix SMTP client does not need or use peer certificates, set
+"smtp_tls_exclude_ciphers = aNULL". To exclude anonymous ciphers only when
+TLS is enforced, set "smtp_tls_mandatory_exclude_ciphers = aNULL".
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH smtp_tls_mandatory_exclude_ciphers (default: empty)
+Additional list of ciphers or cipher types to exclude from the
+Postfix SMTP client cipher list at mandatory TLS security levels. This list
+works in addition to the exclusions listed with smtp_tls_exclude_ciphers
+(see there for syntax details).
+.PP
+Starting with Postfix 2.6, the mandatory cipher exclusions can be
+specified on a per\-destination basis via the TLS policy "exclude"
+attribute. See smtp_tls_policy_maps for notes and examples.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH smtp_tls_mandatory_protocols (default: see "postconf \-d" output)
+TLS protocols that the Postfix SMTP client will use with mandatory
+TLS encryption. In main.cf the values are separated by whitespace,
+commas or colons. In the policy table "protocols" attribute (see
+smtp_tls_policy_maps) the only valid separator is colon. An empty value
+means allow all protocols.
+.PP
+The valid protocol names (see \fBSSL_get_version\fR(3)) are "SSLv2",
+"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
+Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as
+the lowest supported TLS protocol version (see below). Older releases
+use the "!" exclusion syntax, also described below.
+.PP
+As of Postfix 3.6, the preferred way to limit the range of
+acceptable protocols is to set a lowest acceptable TLS protocol version
+and/or a highest acceptable TLS protocol version. To set the lower
+bound include an element of the form: ">=\fIversion\fR" where
+\fIversion\fR is a either one of the TLS protocol names listed above,
+or a hexadecimal number corresponding to the desired TLS protocol
+version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
+bound, use "<=\fIversion\fR". There must be no whitespace between
+the ">=" or "<=" symbols and the protocol name or number.
+.PP
+Hexadecimal protocol numbers make it possible to specify protocol
+bounds for TLS versions that are known to OpenSSL, but might not be
+known to Postfix. They cannot be used with the legacy exclusion syntax.
+Leading "0" or "0x" prefixes are supported, but not required.
+Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
+"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
+upper or lower bound, and a warning will be logged. Hexadecimal
+versions should only be used when Postfix is linked with some future
+version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
+yet support a symbolic name for that protocol version.
+.PP
+Hexadecimal example (Postfix >= 3.6):
+.sp
+.in +4
+.nf
+.na
+.ft C
+# Allow only TLS 1.2 through (hypothetical) TLS 1.4, once supported
+# in some future version of OpenSSL (presently a warning is logged).
+smtp_tls_mandatory_protocols = >=TLSv1.2, <=0305
+# Allow only TLS 1.2 and up:
+smtp_tls_mandatory_protocols = >=0x0303
+.fi
+.ad
+.ft R
+.in -4
+.PP
+With Postfix < 3.6 there is no support for a minimum or maximum
+version, and the protocol range is configured via protocol exclusions.
+To require at least TLS 1.0, set "smtp_tls_mandatory_protocols = !SSLv2,
+!SSLv3". Listing the protocols to include, rather than the protocols to
+exclude, is supported, but not recommended. The exclusion syntax more
+accurately matches the underlying OpenSSL interface.
+.PP
+When using the exclusion syntax, take care to ensure that the range
+of protocols supported by the Postfix SMTP client is contiguous. When
+a protocol version is enabled, disabling any higher version implicitly
+disables all versions above that higher version. Thus, for example:
+.sp
+.in +4
+.nf
+.na
+.ft C
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1.1
+.fi
+.ad
+.ft R
+.in -4
+.PP
+also disables any protocol versions higher than TLSv1.1 leaving
+only "TLSv1" enabled.
+.PP
+Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
+this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
+releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2).
+.PP
+While the vast majority of SMTP servers with DANE TLSA records now
+support at least TLS 1.2, a few still only support TLS 1.0. If you use
+"dane" or "dane\-only" it is best not to disable TLSv1, except perhaps
+via the policy table for destinations which you are sure will support
+"TLSv1.2".
+.PP
+See the documentation of the smtp_tls_policy_maps parameter and
+TLS_README for more information about security levels.
+.PP
+Example:
+.nf
+.na
+.ft C
+# Preferred syntax with Postfix >= 3.6:
+smtp_tls_mandatory_protocols = >=TLSv1.2, <=TLSv1.3
+# Legacy syntax:
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH smtp_tls_note_starttls_offer (default: no)
+Log the hostname of a remote SMTP server that offers STARTTLS,
+when TLS is not already enabled for that server.
+.PP
+The logfile record looks like:
+.PP
+.nf
+.na
+.ft C
+postfix/smtp[pid]: Host offered STARTTLS: [name.of.host]
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtp_tls_per_site (default: empty)
+Optional lookup tables with the Postfix SMTP client TLS usage
+policy by next\-hop destination and by remote SMTP server hostname.
+When both lookups succeed, the more specific per\-site policy (NONE,
+MUST, etc.) overrides the less specific one (MAY), and the more secure
+per\-site policy (MUST, etc.) overrides the less secure one (NONE).
+With Postfix 2.3 and later smtp_tls_per_site is strongly discouraged:
+use smtp_tls_policy_maps instead.
+.PP
+Use of the bare hostname as the per\-site table lookup key is
+discouraged. Always use the full destination nexthop (enclosed in
+[] with a possible ":port" suffix). A recipient domain or MX\-enabled
+transport next\-hop with no port suffix may look like a bare hostname,
+but is still a suitable \fIdestination\fR.
+.PP
+Specify a next\-hop destination or server hostname on the left\-hand
+side; no wildcards are allowed. The next\-hop destination is either
+the recipient domain, or the destination specified with a \fBtransport\fR(5)
+table, the relayhost parameter, or the relay_transport parameter.
+On the right hand side specify one of the following keywords:
+.IP "NONE"
+Don't use TLS at all. This overrides a less
+specific \fBMAY\fR lookup result from the alternate host or next\-hop
+lookup key, and overrides the global smtp_use_tls, smtp_enforce_tls,
+and smtp_tls_enforce_peername settings.
+.br
+.IP "MAY"
+Try to use TLS if the server announces support,
+otherwise use an unencrypted connection. This has less precedence
+than a more specific result (including \fBNONE\fR) from the alternate
+host or next\-hop lookup key, and has less precedence than the more
+specific global "smtp_enforce_tls = yes" or "smtp_tls_enforce_peername
+= yes".
+.br
+.IP "MUST_NOPEERMATCH"
+Require TLS encryption, but do not
+require that the remote SMTP server hostname matches the information
+in the remote SMTP server certificate, or that the server certificate
+was issued by a trusted CA. This overrides a less secure \fBNONE\fR
+or a less specific \fBMAY\fR lookup result from the alternate host
+or next\-hop lookup key, and overrides the global smtp_use_tls,
+smtp_enforce_tls and smtp_tls_enforce_peername settings.
+.br
+.IP "MUST"
+Require TLS encryption, require that the remote
+SMTP server hostname matches the information in the remote SMTP
+server certificate, and require that the remote SMTP server certificate
+was issued by a trusted CA. This overrides a less secure \fBNONE\fR
+or \fBMUST_NOPEERMATCH\fR or a less specific \fBMAY\fR lookup
+result from the alternate host or next\-hop lookup key, and overrides
+the global smtp_use_tls, smtp_enforce_tls and smtp_tls_enforce_peername
+settings.
+.br
+.br
+.PP
+The above keywords correspond to the "none", "may", "encrypt" and
+"verify" security levels for the new smtp_tls_security_level parameter
+introduced in Postfix 2.3. Starting with Postfix 2.3, and independently
+of how the policy is specified, the smtp_tls_mandatory_ciphers and
+smtp_tls_mandatory_protocols parameters apply when TLS encryption
+is mandatory. Connections for which encryption is optional typically
+enable all "export" grade and better ciphers (see smtp_tls_ciphers
+and smtp_tls_protocols).
+.PP
+As long as no secure DNS lookup mechanism is available, false
+hostnames in MX or CNAME responses can change the server hostname
+that Postfix uses for TLS policy lookup and server certificate
+verification. Even with a perfect match between the server hostname and
+the server certificate, there is no guarantee that Postfix is connected
+to the right server. See TLS_README (Closing a DNS loophole with obsolete
+per\-site TLS policies) for a possible work\-around.
+.PP
+This feature is available in Postfix 2.2 and later. With
+Postfix 2.3 and later use smtp_tls_policy_maps instead.
+.SH smtp_tls_policy_maps (default: empty)
+Optional lookup tables with the Postfix SMTP client TLS security
+policy by next\-hop destination; when a non\-empty value is specified,
+this overrides the obsolete smtp_tls_per_site parameter. See
+TLS_README for a more detailed discussion of TLS security levels.
+.PP
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+.PP
+The TLS policy table is indexed by the full next\-hop destination,
+which is either the recipient domain, or the verbatim next\-hop
+specified in the transport table, $local_transport, $virtual_transport,
+$relay_transport or $default_transport. This includes any enclosing
+square brackets and any non\-default destination server port suffix. The
+LMTP socket type prefix (inet: or unix:) is not included in the lookup
+key.
+.PP
+Only the next\-hop domain, or $myhostname with LMTP over UNIX\-domain
+sockets, is used as the nexthop name for certificate verification. The
+port and any enclosing square brackets are used in the table lookup key,
+but are not used for server name verification.
+.PP
+When the lookup key is a domain name without enclosing square brackets
+or any \fI:port\fR suffix (typically the recipient domain), and the full
+domain is not found in the table, just as with the \fBtransport\fR(5) table,
+the parent domain starting with a leading "." is matched recursively. This
+allows one to specify a security policy for a recipient domain and all
+its sub\-domains.
+.PP
+The lookup result is a security level, followed by an optional list
+of whitespace and/or comma separated name=value attributes that override
+related main.cf settings. The TLS security levels in order of increasing
+security are:
+.IP "\fBnone\fR"
+No TLS. No additional attributes are supported at this level.
+.br
+.IP "\fBmay\fR"
+Opportunistic TLS. Since sending in the clear is acceptable,
+demanding stronger than default TLS security merely reduces
+interoperability. The optional "ciphers", "exclude", and "protocols"
+attributes (available for opportunistic TLS with Postfix >= 2.6)
+and "connection_reuse" attribute (Postfix >= 3.4) override the
+"smtp_tls_ciphers", "smtp_tls_exclude_ciphers", "smtp_tls_protocols",
+and
+"smtp_tls_connection_reuse" configuration parameters. In the policy table,
+multiple ciphers, protocols or excluded ciphers must be separated by colons,
+as attribute values may not contain whitespace or commas. When opportunistic
+TLS handshakes fail, Postfix retries the connection with TLS disabled.
+This allows mail delivery to sites with non\-interoperable TLS
+implementations.
+.br
+.IP "\fBencrypt\fR"
+Mandatory TLS encryption. At this level
+and higher, the optional "protocols" attribute overrides the main.cf
+smtp_tls_mandatory_protocols parameter, the optional "ciphers" attribute
+overrides the main.cf smtp_tls_mandatory_ciphers parameter, the
+optional "exclude" attribute (Postfix >= 2.6) overrides the main.cf
+smtp_tls_mandatory_exclude_ciphers parameter, and the optional
+"connection_reuse" attribute (Postfix >= 3.4) overrides the
+main.cf smtp_tls_connection_reuse parameter. In the policy table,
+multiple ciphers, protocols or excluded ciphers must be separated by colons,
+as attribute values may not contain whitespace or commas.
+.br
+.IP "\fBdane\fR"
+Opportunistic DANE TLS. The TLS policy for the destination is
+obtained via TLSA records in DNSSEC. If no TLSA records are found,
+the effective security level used is may. If TLSA records are
+found, but none are usable, the effective security level is encrypt. When usable
+TLSA records are obtained for the remote SMTP server, the
+server certificate must match the TLSA records. RFC 7672 (DANE)
+TLS authentication and DNSSEC support is available with Postfix
+2.11 and later. The optional "connection_reuse" attribute (Postfix
+>= 3.4) overrides the main.cf smtp_tls_connection_reuse parameter.
+When the effective security level used is may, the optional "ciphers",
+"exclude", and "protocols" attributes (Postfix >= 2.6) override the
+"smtp_tls_ciphers", "smtp_tls_exclude_ciphers", and "smtp_tls_protocols"
+configuration parameters.
+When the effective security level used is encrypt, the optional "ciphers",
+"exclude", and "protocols" attributes (Postfix >= 2.6) override the
+"smtp_tls_mandatory_ciphers", "smtp_tls_mandatory_exclude_ciphers", and
+"smtp_tls_mandatory_protocols" configuration parameters.
+.br
+.IP "\fBdane\-only\fR"
+Mandatory DANE TLS. The TLS policy for the destination is
+obtained via TLSA records in DNSSEC. If no TLSA records are found,
+or none are usable, no connection is made to the server. When
+usable TLSA records are obtained for the remote SMTP server, the
+server certificate must match the TLSA records. RFC 7672 (DANE) TLS
+authentication and DNSSEC support is available with Postfix 2.11
+and later. The optional "ciphers", "exclude", and "protocols" attributes
+(Postfix >= 2.6) override the "smtp_tls_mandatory_ciphers",
+"smtp_tls_mandatory_exclude_ciphers", and "smtp_tls_mandatory_protocols"
+configuration parameters. The optional "connection_reuse" attribute
+(Postfix >= 3.4) overrides the main.cf smtp_tls_connection_reuse parameter.
+.br
+.IP "\fBfingerprint\fR"
+Certificate fingerprint
+verification. Available with Postfix 2.5 and later. At this security
+level, there are no trusted Certification Authorities. The certificate
+trust chain, expiration date, ... are not checked. Instead,
+the optional "match" attribute, or else the main.cf
+\fBsmtp_tls_fingerprint_cert_match\fR parameter, lists the certificate
+fingerprints or the public key fingerprint (Postfix 2.9 and later)
+of the valid server certificate. The digest
+algorithm used to calculate the fingerprint is selected by the
+\fBsmtp_tls_fingerprint_digest\fR parameter. Multiple fingerprints can
+be combined with a "|" delimiter in a single match attribute, or multiple
+match attributes can be employed. The ":" character is not used as a
+delimiter as it occurs between each pair of fingerprint (hexadecimal)
+digits. The optional "ciphers", "exclude", and "protocols" attributes
+(Postfix >= 2.6) override the "smtp_tls_mandatory_ciphers",
+"smtp_tls_mandatory_exclude_ciphers", and "smtp_tls_mandatory_protocols"
+configuration parameters. The optional "connection_reuse" attribute
+(Postfix >= 3.4) overrides the main.cf smtp_tls_connection_reuse
+parameter.
+.br
+.IP "\fBverify\fR"
+Mandatory TLS verification. At this security
+level, DNS MX lookups are trusted to be secure enough, and the name
+verified in the server certificate is usually obtained indirectly via
+unauthenticated DNS MX lookups. The optional "match" attribute overrides
+the main.cf smtp_tls_verify_cert_match parameter. In the policy table,
+multiple match patterns and strategies must be separated by colons.
+In practice explicit control over matching is more common with the
+"secure" policy, described below. The optional "ciphers", "exclude",
+and "protocols" attributes (Postfix >= 2.6) override the
+"smtp_tls_mandatory_ciphers", "smtp_tls_mandatory_exclude_ciphers", and
+"smtp_tls_mandatory_protocols" configuration parameters. The optional
+"connection_reuse" attribute (Postfix >= 3.4) overrides the main.cf
+smtp_tls_connection_reuse parameter.
+.br
+.IP "\fBsecure\fR"
+Secure\-channel TLS. At this security level, DNS
+MX lookups, though potentially used to determine the candidate next\-hop
+gateway IP addresses, are \fBnot\fR trusted to be secure enough for TLS
+peername verification. Instead, the default name verified in the server
+certificate is obtained directly from the next\-hop, or is explicitly
+specified via the optional "match" attribute which overrides the
+main.cf smtp_tls_secure_cert_match parameter. In the policy table,
+multiple match patterns and strategies must be separated by colons.
+The match attribute is most useful when multiple domains are supported by
+a common server: the policy entries for additional domains specify matching
+rules for the primary domain certificate. While transport table overrides
+that route the secondary domains to the primary nexthop also allow secure
+verification, they risk delivery to the wrong destination when domains
+change hands or are re\-assigned to new gateways. With the "match"
+attribute approach, routing is not perturbed, and mail is deferred if
+verification of a new MX host fails. The optional "ciphers", "exclude",
+and "protocols" attributes (Postfix >= 2.6) override the
+"smtp_tls_mandatory_ciphers", "smtp_tls_mandatory_exclude_ciphers", and
+"smtp_tls_mandatory_protocols" configuration parameters. The optional
+"connection_reuse" attribute (Postfix >= 3.4) overrides the main.cf
+smtp_tls_connection_reuse parameter.
+.br
+.br
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
+ # Postfix 2.5 and later.
+ #
+ # The default digest is sha256 with Postfix >= 3.6 and
+ # compatibility level >= 3.
+ #
+ smtp_tls_fingerprint_digest = sha256
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/tls_policy:
+ example.edu none
+ example.mil may
+ example.gov encrypt protocols=TLSv1
+ example.com verify ciphers=high
+ example.net secure
+ .example.net secure match=.example.net:example.net
+ [mail.example.org]:587 secure match=nexthop
+ # Postfix 2.5 and later
+ [thumb.example.org] fingerprint
+ match=b6:b4:72:34:e2:59:cd:...:c2:ca:63:0d:4d:cc:2c:7d:84:de:e6:2f
+ match=51:e9:af:2e:1e:40:1f:...:64:0a:30:35:2d:09:16:31:5a:eb:82:76
+.fi
+.ad
+.ft R
+.PP
+\fBNote:\fR The "hostname" strategy if listed in a non\-default
+setting of smtp_tls_secure_cert_match or in the "match" attribute
+in the policy table can render the "secure" level vulnerable to
+DNS forgery. Do not use the "hostname" strategy for secure\-channel
+configurations in environments where DNS security is not assured.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH smtp_tls_protocols (default: see postconf \-d output)
+TLS protocols that the Postfix SMTP client will use with
+opportunistic TLS encryption. In main.cf the values are separated by
+whitespace, commas or colons. In the policy table "protocols" attribute
+(see smtp_tls_policy_maps) the only valid separator is colon. An empty
+value means allow all protocols.
+.PP
+The valid protocol names (see \fBSSL_get_version\fR(3)) are "SSLv2",
+"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
+Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as
+the lowest supported TLS protocol version (see below). Older releases
+use the "!" exclusion syntax, also described below.
+.PP
+As of Postfix 3.6, the preferred way to limit the range of
+acceptable protocols is to set the lowest acceptable TLS protocol
+version and/or the highest acceptable TLS protocol version. To set the
+lower bound include an element of the form: ">=\fIversion\fR" where
+\fIversion\fR is either one of the TLS protocol names listed above,
+or a hexadecimal number corresponding to the desired TLS protocol
+version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
+bound, use "<=\fIversion\fR". There must be no whitespace between
+the ">=" or "<=" symbols and the protocol name or number.
+.PP
+Hexadecimal protocol numbers make it possible to specify protocol
+bounds for TLS versions that are known to OpenSSL, but might not be
+known to Postfix. They cannot be used with the legacy exclusion syntax.
+Leading "0" or "0x" prefixes are supported, but not required.
+Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
+"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
+upper or lower bound, and a warning will be logged. Hexadecimal
+versions should only be used when Postfix is linked with some future
+version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
+yet support a symbolic name for that protocol version.
+.PP
+Hexadecimal example (Postfix >= 3.6):
+.sp
+.in +4
+.nf
+.na
+.ft C
+# Allow only TLS 1.0 through (hypothetical) TLS 1.4, once supported
+# in some future version of OpenSSL (presently a warning is logged).
+smtp_tls_protocols = >=TLSv1, <=0305
+# Allow only TLS 1.0 and up:
+smtp_tls_protocols = >=0x0301
+.fi
+.ad
+.ft R
+.in -4
+.PP
+With Postfix < 3.6 there is no support for a minimum or maximum
+version, and the protocol range is configured via protocol exclusions.
+To require at least TLS 1.0, set "smtp_tls_protocols = !SSLv2, !SSLv3".
+Listing the protocols to include, rather than protocols to exclude, is
+supported, but not recommended. The exclusion form more accurately
+matches the underlying OpenSSL interface.
+.PP
+When using the exclusion syntax, take care to ensure that the range of
+protocols advertised by an SSL/TLS client is contiguous. When a protocol
+version is enabled, disabling any higher version implicitly disables all
+versions above that higher version. Thus, for example:
+.sp
+.in +4
+.nf
+.na
+.ft C
+smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1.1
+.fi
+.ad
+.ft R
+.in -4
+also disables any protocols version higher than TLSv1.1 leaving
+only "TLSv1" enabled.
+.PP
+Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
+this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
+releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2).
+.PP
+Example:
+.nf
+.na
+.ft C
+# Preferred syntax with Postfix >= 3.6:
+smtp_tls_protocols = >=TLSv1, <=TLSv1.3
+# Legacy syntax:
+smtp_tls_protocols = !SSLv2, !SSLv3
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH smtp_tls_scert_verifydepth (default: 9)
+The verification depth for remote SMTP server certificates. A depth
+of 1 is sufficient if the issuing CA is listed in a local CA file.
+.PP
+The default verification depth is 9 (the OpenSSL default) for
+compatibility with earlier Postfix behavior. Prior to Postfix 2.5,
+the default value was 5, but the limit was not actually enforced. If
+you have set this to a lower non\-default value, certificates with longer
+trust chains may now fail to verify. Certificate chains with 1 or 2
+CAs are common, deeper chains are more rare and any number between 5
+and 9 should suffice in practice. You can choose a lower number if,
+for example, you trust certificates directly signed by an issuing CA
+but not any CAs it delegates to.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtp_tls_secure_cert_match (default: nexthop, dot\-nexthop)
+How the Postfix SMTP client verifies the server certificate
+peername for the "secure" TLS security level. In a "secure" TLS policy table
+($smtp_tls_policy_maps) entry the optional "match" attribute
+overrides this main.cf setting.
+.PP
+This parameter specifies one or more patterns or strategies separated
+by commas, whitespace or colons. In the policy table the only valid
+separator is the colon character.
+.PP
+For a description of the pattern and strategy syntax see the
+smtp_tls_verify_cert_match parameter. The "hostname" strategy should
+be avoided in this context, as in the absence of a secure global DNS, using
+the results of MX lookups in certificate verification is not immune to active
+(man\-in\-the\-middle) attacks on DNS.
+.PP
+Sample main.cf setting:
+.sp
+.in +4
+.nf
+.na
+.ft C
+smtp_tls_secure_cert_match = nexthop
+.fi
+.ad
+.ft R
+.in -4
+.PP
+Sample policy table override:
+.sp
+.in +4
+.nf
+.na
+.ft C
+example.net secure match=example.com:.example.com
+\&.example.net secure match=example.com:.example.com
+.fi
+.ad
+.ft R
+.in -4
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH smtp_tls_security_level (default: empty)
+The default SMTP TLS security level for the Postfix SMTP client.
+When a non\-empty value is specified, this overrides the obsolete
+parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername;
+when no value is specified for smtp_tls_enforce_peername or the obsolete
+parameters, the default SMTP TLS security level is
+none.
+.PP
+Specify one of the following security levels:
+.IP "\fBnone\fR"
+No TLS. TLS will not be used unless enabled for specific
+destinations via smtp_tls_policy_maps.
+.br
+.IP "\fBmay\fR"
+Opportunistic TLS. Use TLS if this is supported by the remote
+SMTP server, otherwise use plaintext. Since
+sending in the clear is acceptable, demanding stronger than default TLS
+security merely reduces interoperability.
+The "smtp_tls_ciphers" and "smtp_tls_protocols" (Postfix >= 2.6)
+configuration parameters provide control over the protocols and
+cipher grade used with opportunistic TLS. With earlier releases the
+opportunistic TLS cipher grade is always "export" and no protocols
+are disabled.
+When TLS handshakes fail, the connection is retried with TLS disabled.
+This allows mail delivery to sites with non\-interoperable TLS
+implementations.
+.br
+.IP "\fBencrypt\fR"
+Mandatory TLS encryption. Since a minimum
+level of security is intended, it is reasonable to be specific about
+sufficiently secure protocol versions and ciphers. At this security level
+and higher, the main.cf parameters smtp_tls_mandatory_protocols and
+smtp_tls_mandatory_ciphers specify the TLS protocols and minimum
+cipher grade which the administrator considers secure enough for
+mandatory encrypted sessions. This security level is not an appropriate
+default for systems delivering mail to the Internet.
+.br
+.IP "\fBdane\fR"
+Opportunistic DANE TLS. At this security level, the TLS policy
+for the destination is obtained via DNSSEC. For TLSA policy to be
+in effect, the destination domain's containing DNS zone must be
+signed and the Postfix SMTP client's operating system must be
+configured to send its DNS queries to a recursive DNS nameserver
+that is able to validate the signed records. Each MX host's DNS
+zone should also be signed, and should publish DANE TLSA (RFC 7672)
+records that specify how that MX host's TLS certificate is to be
+verified. TLSA records do not preempt the normal SMTP MX host
+selection algorithm, if some MX hosts support TLSA and others do
+not, TLS security will vary from delivery to delivery. It is up
+to the domain owner to configure their MX hosts and their DNS
+sensibly. To configure the Postfix SMTP client for DNSSEC lookups
+see the documentation for the smtp_dns_support_level main.cf
+parameter. When DNSSEC\-validated TLSA records are not found the
+effective tls security level is "may". When TLSA records are found,
+but are all unusable the effective security level is "encrypt". For
+purposes of protocol and cipher selection, the "dane" security level
+is treated like a "mandatory" TLS security level, and weak ciphers
+and protocols are disabled. Since DANE authenticates server
+certificates the "aNULL" cipher\-suites are transparently excluded
+at this level, no need to configure this manually. RFC 7672 (DANE)
+TLS authentication is available with Postfix 2.11 and later.
+.br
+.IP "\fBdane\-only\fR"
+Mandatory DANE TLS. This is just like "dane" above, but DANE
+TLSA authentication is required. There is no fallback to "may" or
+"encrypt" when TLSA records are missing or unusable. RFC 7672
+(DANE) TLS authentication is available with Postfix 2.11 and later.
+.br
+.IP "\fBfingerprint\fR"
+Certificate fingerprint verification.
+At this security level, there are no trusted Certification Authorities.
+The certificate trust chain, expiration date, etc., are
+not checked. Instead, the \fBsmtp_tls_fingerprint_cert_match\fR
+parameter lists the certificate fingerprint or public key fingerprint
+(Postfix 2.9 and later) of the valid server certificate. The digest
+algorithm used to calculate the fingerprint is selected by the
+\fBsmtp_tls_fingerprint_digest\fR parameter. Available with Postfix
+2.5 and later.
+.br
+.IP "\fBverify\fR"
+Mandatory TLS verification. At this security
+level, DNS MX lookups are trusted to be secure enough, and the name
+verified in the server certificate is usually obtained indirectly
+via unauthenticated DNS MX lookups. The smtp_tls_verify_cert_match
+parameter controls how the server name is verified. In practice explicit
+control over matching is more common at the "secure" level, described
+below. This security level is not an appropriate default for systems
+delivering mail to the Internet.
+.br
+.IP "\fBsecure\fR"
+Secure\-channel TLS. At this security level,
+DNS MX lookups, though potentially used to determine the candidate
+next\-hop gateway IP addresses, are \fBnot\fR trusted to be secure enough
+for TLS peername verification. Instead, the default name verified in
+the server certificate is obtained from the next\-hop domain as specified
+in the smtp_tls_secure_cert_match configuration parameter. The default
+matching rule is that a server certificate matches when its name is equal
+to or is a sub\-domain of the nexthop domain. This security level is not
+an appropriate default for systems delivering mail to the Internet.
+.br
+.br
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+# No TLS. Formerly: smtp_use_tls=no and smtp_enforce_tls=no.
+smtp_tls_security_level = none
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+# Opportunistic TLS.
+smtp_tls_security_level = may
+# Do not tweak opportunistic ciphers or protocols unless it is essential
+# to do so (if a security vulnerability is found in the SSL library that
+# can be mitigated by disabling a particular protocol or raising the
+# cipher grade).
+smtp_tls_ciphers = medium
+smtp_tls_protocols = >=TLSv1
+# Legacy (Postfix < 3.6) syntax:
+smtp_tls_protocols = !SSLv2, !SSLv3
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+# Mandatory (high\-grade) TLS encryption.
+smtp_tls_security_level = encrypt
+smtp_tls_mandatory_ciphers = high
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+# Authenticated TLS 1.2 or better matching the nexthop domain or a
+# subdomain.
+smtp_tls_security_level = secure
+smtp_tls_mandatory_ciphers = high
+smtp_tls_mandatory_protocols = >=TLSv1.2
+smtp_tls_secure_cert_match = nexthop, dot\-nexthop
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+# Certificate fingerprint verification (Postfix >= 2.5).
+# The CA\-less "fingerprint" security level only scales to a limited
+# number of destinations. As a global default rather than a per\-site
+# setting, this is practical only when mail for all recipients is sent
+# to a central mail hub.
+relayhost = [mailhub.example.com]
+smtp_tls_security_level = fingerprint
+smtp_tls_mandatory_protocols = >=TLSv1.2
+smtp_tls_mandatory_ciphers = high
+smtp_tls_fingerprint_cert_match =
+ 3D:95:34:51:...:40:99:C0:C1
+ EC:3B:2D:B0:...:A3:9D:72:F6
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH smtp_tls_servername (default: empty)
+Optional name to send to the remote SMTP server in the TLS Server
+Name Indication (SNI) extension. The SNI extension is always on when
+DANE is used to authenticate the server, and in that case the SNI name
+sent is the one required by RFC7672 and this parameter is ignored.
+.PP
+Some SMTP servers use the received SNI name to select an appropriate
+certificate chain to present to the client. While this may improve
+interoperability with such servers, it may reduce interoperability with
+other servers that choose to abort the connection when they don't have a
+certificate chain configured for the requested name. Such servers
+should select a default certificate chain and continue the handshake,
+but some may not. Therefore, absent DANE, no SNI name is sent by
+default.
+.PP
+The SNI name must be either a valid DNS hostname, or else one of the
+special values \fBhostname\fR or \fBnexthop\fR, which select either the
+remote hostname or the nexthop domain respectively. DNS names for SNI must be
+in A\-label (punycode) form. Invalid DNS names log a configuration error
+warning and mail delivery is deferred.
+.PP
+Except when using a relayhost to forward all email, the only
+sensible non\-empty main.cf setting for this parameter is
+\fBhostname\fR. Other non\-empty values are only practical on a
+per\-destination basis via the \fBservername\fR attribute of the Postfix
+TLS policy table. When
+in doubt, leave this parameter empty, and configure per\-destination SNI
+as needed.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH smtp_tls_session_cache_database (default: empty)
+Name of the file containing the optional Postfix SMTP client
+TLS session cache. Specify a database type that supports enumeration,
+such as \fBbtree\fR or \fBsdbm\fR; there is no need to support
+concurrent access. The file is created if it does not exist. The \fBsmtp\fR(8)
+daemon does not use this parameter directly, rather the cache is
+implemented indirectly in the \fBtlsmgr\fR(8) daemon. This means that
+per\-smtp\-instance master.cf overrides of this parameter are not effective.
+Note that each of the cache databases supported by \fBtlsmgr\fR(8) daemon:
+$smtpd_tls_session_cache_database, $smtp_tls_session_cache_database
+(and with Postfix 2.3 and later $lmtp_tls_session_cache_database), needs to
+be stored separately. It is not at this time possible to store multiple
+caches in a single database.
+.PP
+Note: \fBdbm\fR databases are not suitable. TLS
+session objects are too large.
+.PP
+As of version 2.5, Postfix no longer uses root privileges when
+opening this file. The file should now be stored under the Postfix\-owned
+data_directory. As a migration aid, an attempt to open the file
+under a non\-Postfix directory is redirected to the Postfix\-owned
+data_directory, and a warning is logged.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtp_tls_session_cache_timeout (default: 3600s)
+The expiration time of Postfix SMTP client TLS session cache
+information. A cache cleanup is performed periodically
+every $smtp_tls_session_cache_timeout seconds. As with
+$smtp_tls_session_cache_database, this parameter is implemented in the
+\fBtlsmgr\fR(8) daemon and therefore per\-smtp\-instance master.cf overrides
+are not possible.
+.PP
+As of Postfix 2.11 this setting cannot exceed 100 days. If set
+<= 0, session caching is disabled. If set to a positive value
+less than 2 minutes, the minimum value of 2 minutes is used instead.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtp_tls_trust_anchor_file (default: empty)
+Zero or more PEM\-format files with trust\-anchor certificates
+and/or public keys. If the parameter is not empty the root CAs in
+CAfile and CApath are no longer trusted. Rather, the Postfix SMTP
+client will only trust certificate\-chains signed by one of the
+trust\-anchors contained in the chosen files. The specified
+trust\-anchor certificates and public keys are not subject to
+expiration, and need not be (self\-signed) root CAs. They may, if
+desired, be intermediate certificates. Therefore, these certificates
+also may be found "in the middle" of the trust chain presented by
+the remote SMTP server, and any untrusted issuing parent certificates
+will be ignored. Specify a list of pathnames separated by comma
+or whitespace.
+.PP
+Whether specified in main.cf, or on a per\-destination basis,
+the trust\-anchor PEM file must be accessible to the Postfix SMTP
+client in the chroot jail if applicable. The trust\-anchor file
+should contain only certificates and public keys, no private key
+material, and must be readable by the non\-privileged $mail_owner
+user. This allows destinations to be bound to a set of specific
+CAs or public keys without trusting the same CAs for all destinations.
+.PP
+The main.cf parameter supports single\-purpose Postfix installations
+that send mail to a fixed set of SMTP peers. At most sites, if
+trust\-anchor files are used at all, they will be specified on a
+per\-destination basis via the "tafile" attribute of the "verify"
+and "secure" levels in smtp_tls_policy_maps.
+.PP
+The underlying mechanism is in support of RFC 7672 (DANE TLSA),
+which defines mechanisms for an SMTP client MTA to securely determine
+server TLS certificates via DNS.
+.PP
+If you want your trust anchors to be public keys, with OpenSSL
+you can extract a single PEM public key from a PEM X.509 file
+containing a single certificate, as follows:
+.sp
+.in +4
+.nf
+.na
+.ft C
+$ openssl x509 \-in cert.pem \-out ta\-key.pem \-noout \-pubkey
+.fi
+.ad
+.ft R
+.in -4
+.PP
+This feature is available in Postfix 2.11 and later.
+.SH smtp_tls_verify_cert_match (default: hostname)
+How the Postfix SMTP client verifies the server certificate
+peername for the
+"verify" TLS security level. In a "verify" TLS policy table
+($smtp_tls_policy_maps) entry the optional "match" attribute
+overrides this main.cf setting.
+.PP
+This parameter specifies one or more patterns or strategies separated
+by commas, whitespace or colons. In the policy table the only valid
+separator is the colon character.
+.PP
+Patterns specify domain names, or domain name suffixes:
+.IP "\fIexample.com\fR"
+Match the \fIexample.com\fR domain,
+i.e. one of the names in the server certificate must be \fIexample.com\fR.
+Upper and lower case distinctions are ignored.
+.br
+.IP "\fI.example.com\fR"
+Match subdomains of the \fIexample.com\fR domain, i.e. match
+a name in the server certificate that consists of a non\-zero number of
+labels followed by a \fI.example.com\fR suffix. Case distinctions are
+ignored.
+.br
+.br
+.PP
+Strategies specify a transformation from the next\-hop domain
+to the expected name in the server certificate:
+.IP "nexthop"
+Match against the next\-hop domain, which is either the recipient
+domain, or the transport next\-hop configured for the domain stripped of
+any optional socket type prefix, enclosing square brackets and trailing
+port. When MX lookups are not suppressed, this is the original nexthop
+domain prior to the MX lookup, not the result of the MX lookup. For
+LMTP delivery via UNIX\-domain sockets, the verified next\-hop name is
+$myhostname. This strategy is suitable for use with the "secure"
+policy. Case is ignored.
+.br
+.IP "dot\-nexthop"
+As above, but match server certificate names that are subdomains
+of the next\-hop domain. Case is ignored.
+.br
+.IP "hostname"
+Match against the hostname of the server, often
+obtained via an unauthenticated DNS MX lookup. For LMTP delivery via
+UNIX\-domain sockets, the verified name is $myhostname. This matches
+the verification strategy of the "MUST" keyword in the obsolete
+smtp_tls_per_site table, and is suitable for use with the "verify"
+security level. When the next\-hop name is enclosed in square brackets
+to suppress MX lookups, the "hostname" strategy is the same as the
+"nexthop" strategy. Case is ignored.
+.br
+.br
+.PP
+Sample main.cf setting:
+.PP
+.nf
+.na
+.ft C
+smtp_tls_verify_cert_match = hostname, nexthop, dot\-nexthop
+.fi
+.ad
+.ft R
+.PP
+Sample policy table override:
+.PP
+.nf
+.na
+.ft C
+example.com verify match=hostname:nexthop
+\&.example.com verify match=example.com:.example.com:hostname
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH smtp_tls_wrappermode (default: no)
+Request that the Postfix SMTP client connects using the
+SUBMISSIONS/SMTPS protocol instead of using the STARTTLS command.
+.PP
+This mode requires "smtp_tls_security_level = encrypt" or
+stronger.
+.PP
+Example: deliver all remote mail via a provider's server
+"mail.example.com".
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ # Client\-side SMTPS requires "encrypt" or stronger.
+ smtp_tls_security_level = encrypt
+ smtp_tls_wrappermode = yes
+ # The [] suppress MX lookups.
+ relayhost = [mail.example.com]:465
+.fi
+.ad
+.ft R
+.PP
+More examples are in TLS_README, including examples for older
+Postfix versions.
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH smtp_use_tls (default: no)
+Opportunistic mode: use TLS when a remote SMTP server announces
+STARTTLS support, otherwise send the mail in the clear. Beware:
+some SMTP servers offer STARTTLS even if it is not configured. With
+Postfix < 2.3, if the TLS handshake fails, and no other server is
+available, delivery is deferred and mail stays in the queue. If this
+is a concern for you, use the smtp_tls_per_site feature instead.
+.PP
+This feature is available in Postfix 2.2 and later. With
+Postfix 2.3 and later use smtp_tls_security_level instead.
+.SH smtp_xforward_timeout (default: 300s)
+The Postfix SMTP client time limit for sending the XFORWARD command,
+and for receiving the remote SMTP server response.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH smtpd_authorized_verp_clients (default: $authorized_verp_clients)
+What remote SMTP clients are allowed to specify the XVERP command.
+This command requests that mail be delivered one recipient at a
+time with a per recipient return address.
+.PP
+By default, no clients are allowed to specify XVERP.
+.PP
+This parameter was renamed with Postfix version 2.1. The default value
+is backwards compatible with Postfix version 2.0.
+.PP
+Specify a list of network/netmask patterns, separated by commas
+and/or whitespace. The mask specifies the number of bits in the
+network part of a host address. You can also specify hostnames or
+\&.domain names (the initial dot causes the domain to match any name
+below it), "/file/name" or "type:table" patterns. A "/file/name"
+pattern is replaced by its contents; a "type:table" lookup table
+is matched when a table entry matches a lookup string (the lookup
+result is ignored). Continue long lines by starting the next line
+with whitespace. Specify "!pattern" to exclude an address or network
+block from the list. The form "!/file/name" is supported only in
+Postfix version 2.4 and later.
+.PP
+Note: IP version 6 address information must be specified inside
+[] in the smtpd_authorized_verp_clients value, and in
+files specified with "/file/name". IP version 6 addresses contain
+the ":" character, and would otherwise be confused with a "type:table"
+pattern.
+.SH smtpd_authorized_xclient_hosts (default: empty)
+What remote SMTP clients are allowed to use the XCLIENT feature. This
+command overrides remote SMTP client information that is used for access
+control. Typical use is for SMTP\-based content filters, fetchmail\-like
+programs, or SMTP server access rule testing. See the XCLIENT_README
+document for details.
+.PP
+This feature is available in Postfix 2.1 and later.
+.PP
+By default, no clients are allowed to specify XCLIENT.
+.PP
+Specify a list of network/netmask patterns, separated by commas
+and/or whitespace. The mask specifies the number of bits in the
+network part of a host address. You can also specify hostnames or
+\&.domain names (the initial dot causes the domain to match any name
+below it), "/file/name" or "type:table" patterns. A "/file/name"
+pattern is replaced by its contents; a "type:table" lookup table
+is matched when a table entry matches a lookup string (the lookup
+result is ignored). Continue long lines by starting the next line
+with whitespace. Specify "!pattern" to exclude an address or network
+block from the list. The form "!/file/name" is supported only in
+Postfix version 2.4 and later.
+.PP
+Note: IP version 6 address information must be specified inside
+[] in the smtpd_authorized_xclient_hosts value, and in
+files specified with "/file/name". IP version 6 addresses contain
+the ":" character, and would otherwise be confused with a "type:table"
+pattern.
+.SH smtpd_authorized_xforward_hosts (default: empty)
+What remote SMTP clients are allowed to use the XFORWARD feature. This
+command forwards information that is used to improve logging after
+SMTP\-based content filters. See the XFORWARD_README document for
+details.
+.PP
+This feature is available in Postfix 2.1 and later.
+.PP
+By default, no clients are allowed to specify XFORWARD.
+.PP
+Specify a list of network/netmask patterns, separated by commas
+and/or whitespace. The mask specifies the number of bits in the
+network part of a host address. You can also specify hostnames or
+\&.domain names (the initial dot causes the domain to match any name
+below it), "/file/name" or "type:table" patterns. A "/file/name"
+pattern is replaced by its contents; a "type:table" lookup table
+is matched when a table entry matches a lookup string (the lookup
+result is ignored). Continue long lines by starting the next line
+with whitespace. Specify "!pattern" to exclude an address or network
+block from the list. The form "!/file/name" is supported only in
+Postfix version 2.4 and later.
+.PP
+Note: IP version 6 address information must be specified inside
+[] in the smtpd_authorized_xforward_hosts value, and in
+files specified with "/file/name". IP version 6 addresses contain
+the ":" character, and would otherwise be confused with a "type:table"
+pattern.
+.SH smtpd_banner (default: $myhostname ESMTP $mail_name)
+The text that follows the 220 status code in the SMTP greeting
+banner. Some people like to see the mail version advertised. By
+default, Postfix shows no version.
+.PP
+You MUST specify $myhostname at the start of the text. This is
+required by the SMTP protocol.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
+.fi
+.ad
+.ft R
+.SH smtpd_client_auth_rate_limit (default: 0)
+The maximal number of AUTH commands that any client is allowed to
+send to this service per time unit, regardless of whether or not
+Postfix actually accepts those commands. The time unit is specified
+with the anvil_rate_time_unit configuration parameter.
+.PP
+By default, there is no limit on the number of AUTH commands that a
+client may send.
+.PP
+To disable this feature, specify a limit of 0.
+.PP
+WARNING: The purpose of this feature is to limit abuse. It must
+not be used to regulate legitimate mail traffic.
+.PP
+This feature is available in Postfix 3.1 and later.
+.SH smtpd_client_connection_count_limit (default: 50)
+How many simultaneous connections any client is allowed to
+make to this service. By default, the limit is set to half
+the default process limit value.
+.PP
+To disable this feature, specify a limit of 0.
+.PP
+WARNING: The purpose of this feature is to limit abuse. It must
+not be used to regulate legitimate mail traffic.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtpd_client_connection_rate_limit (default: 0)
+The maximal number of connection attempts any client is allowed to
+make to this service per time unit. The time unit is specified
+with the anvil_rate_time_unit configuration parameter.
+.PP
+By default, a client can make as many connections per time unit as
+Postfix can accept.
+.PP
+To disable this feature, specify a limit of 0.
+.PP
+WARNING: The purpose of this feature is to limit abuse. It must
+not be used to regulate legitimate mail traffic.
+.PP
+This feature is available in Postfix 2.2 and later.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtpd_client_connection_rate_limit = 1000
+.fi
+.ad
+.ft R
+.SH smtpd_client_event_limit_exceptions (default: $mynetworks)
+Clients that are excluded from smtpd_client_*_count/rate_limit
+restrictions. See the mynetworks parameter
+description for the parameter value syntax.
+.PP
+By default, clients in trusted networks are excluded. Specify a
+list of network blocks, hostnames or .domain names (the initial
+dot causes the domain to match any name below it).
+.PP
+Note: IP version 6 address information must be specified inside
+[] in the smtpd_client_event_limit_exceptions value, and
+in files specified with "/file/name". IP version 6 addresses
+contain the ":" character, and would otherwise be confused with a
+"type:table" pattern.
+.PP
+Pattern matching of domain names is controlled by the presence
+or absence of "smtpd_client_event_limit_exceptions" in the
+parent_domain_matches_subdomains parameter value (Postfix 3.0 and
+later).
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtpd_client_ipv4_prefix_length (default: 32)
+Aggregate smtpd_client_*_count and smtpd_client_*_rate statistics
+by IPv4 network blocks with the specified network prefix. Aggregation
+uses fewer \fBanvil\fR(8) resources to maintain counters. By default,
+aggregation is disabled for IPv4.
+.PP
+This feature is available in Postfix 3.8 and later.
+.SH smtpd_client_ipv6_prefix_length (default: 84)
+Aggregate smtpd_client_*_count and smtpd_client_*_rate statistics
+by IPv6 network blocks with the specified network prefix. Aggregation
+uses fewer the \fBanvil\fR(8) resources to maintain counters. By default,
+aggregation is enabled for IPv6.
+.PP
+This feature is available in Postfix 3.8 and later.
+.SH smtpd_client_message_rate_limit (default: 0)
+The maximal number of message delivery requests that any client is
+allowed to make to this service per time unit, regardless of whether
+or not Postfix actually accepts those messages. The time unit is
+specified with the anvil_rate_time_unit configuration parameter.
+.PP
+By default, a client can send as many message delivery requests
+per time unit as Postfix can accept.
+.PP
+To disable this feature, specify a limit of 0.
+.PP
+WARNING: The purpose of this feature is to limit abuse. It must
+not be used to regulate legitimate mail traffic.
+.PP
+This feature is available in Postfix 2.2 and later.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtpd_client_message_rate_limit = 1000
+.fi
+.ad
+.ft R
+.SH smtpd_client_new_tls_session_rate_limit (default: 0)
+The maximal number of new (i.e., uncached) TLS sessions that a
+remote SMTP client is allowed to negotiate with this service per
+time unit. The time unit is specified with the anvil_rate_time_unit
+configuration parameter.
+.PP
+By default, a remote SMTP client can negotiate as many new TLS
+sessions per time unit as Postfix can accept.
+.PP
+To disable this feature, specify a limit of 0. Otherwise, specify
+a limit that is at least the per\-client concurrent session limit,
+or else legitimate client sessions may be rejected.
+.PP
+WARNING: The purpose of this feature is to limit abuse. It must
+not be used to regulate legitimate mail traffic.
+.PP
+This feature is available in Postfix 2.3 and later.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtpd_client_new_tls_session_rate_limit = 100
+.fi
+.ad
+.ft R
+.SH smtpd_client_port_logging (default: no)
+Enable logging of the remote SMTP client port in addition to
+the hostname and IP address. The logging format is "host[address]:port".
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH smtpd_client_recipient_rate_limit (default: 0)
+The maximal number of recipient addresses that any client is allowed
+to send to this service per time unit, regardless of whether or not
+Postfix actually accepts those recipients. The time unit is specified
+with the anvil_rate_time_unit configuration parameter.
+.PP
+By default, a client can send as many recipient addresses per time
+unit as Postfix can accept.
+.PP
+To disable this feature, specify a limit of 0.
+.PP
+WARNING: The purpose of this feature is to limit abuse. It must
+not be used to regulate legitimate mail traffic.
+.PP
+This feature is available in Postfix 2.2 and later.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtpd_client_recipient_rate_limit = 1000
+.fi
+.ad
+.ft R
+.SH smtpd_client_restrictions (default: empty)
+Optional restrictions that the Postfix SMTP server applies in the
+context of a client connection request.
+See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
+restriction lists" for a discussion of evaluation context and time.
+.PP
+The default is to allow all connection requests.
+.PP
+Specify a list of restrictions, separated by commas and/or whitespace.
+Continue long lines by starting the next line with whitespace.
+Restrictions are applied in the order as specified; the first
+restriction that matches wins.
+.PP
+The following restrictions are specific to client hostname or
+client network address information.
+.IP "\fBcheck_ccert_access \fItype:table\fR\fR"
+By default use the remote SMTP client certificate fingerprint
+or the public key
+fingerprint (Postfix 2.9 and later) as the lookup key for the specified
+\fBaccess\fR(5) database; with Postfix version 2.2, also require that the
+remote SMTP client certificate is verified successfully.
+The fingerprint digest algorithm is configurable via the
+smtpd_tls_fingerprint_digest parameter (hard\-coded as md5 prior to
+Postfix version 2.5). This feature requires "smtpd_tls_ask_ccert
+= yes" and is available with Postfix version
+2.2 and later.
+.br
+The default algorithm is \fBsha256\fR with Postfix >= 3.6
+and the \fBcompatibility_level\fR set to 3.6 or higher. With Postfix
+<= 3.5, the default algorithm is \fBmd5\fR. The best\-practice
+algorithm is now \fBsha256\fR. Recent advances in hash function
+cryptanalysis have led to md5 and sha1 being deprecated in favor of
+sha256. However, as long as there are no known "second pre\-image"
+attacks against the older algorithms, their use in this context, though
+not recommended, is still likely safe.
+.br
+Alternatively, check_ccert_access accepts an explicit search
+order (Postfix 3.5 and later). The default search order as described
+above corresponds with:
+.br
+check_ccert_access { type:table, { search_order = cert_fingerprint,
+pubkey_fingerprint } }
+.br
+The commas are optional.
+.br
+.IP "\fBcheck_client_access \fItype:table\fR\fR"
+Search the specified access database for the client hostname,
+parent domains, client IP address, or networks obtained by stripping
+least significant octets. See the \fBaccess\fR(5) manual page for details.
+.br
+.IP "\fBcheck_client_a_access \fItype:table\fR\fR"
+Search the specified \fBaccess\fR(5) database for the IP addresses for the
+client hostname, and execute the corresponding action. Note: a result
+of "OK" is not allowed for safety reasons. Instead, use DUNNO in order
+to exclude specific hosts from denylists. This feature is available
+in Postfix 3.0 and later.
+.br
+.IP "\fBcheck_client_mx_access \fItype:table\fR\fR"
+Search the specified \fBaccess\fR(5) database for the MX hosts for the
+client hostname, and execute the corresponding action. If no MX
+record is found, look up A or AAAA records, just like the Postfix
+SMTP client would. Note: a result
+of "OK" is not allowed for safety reasons. Instead, use DUNNO in order
+to exclude specific hosts from denylists. This feature is available
+in Postfix 2.7 and later.
+.br
+.IP "\fBcheck_client_ns_access \fItype:table\fR\fR"
+Search the specified \fBaccess\fR(5) database for the DNS servers for
+the client hostname, and execute the corresponding action. Note: a
+result of "OK" is not allowed for safety reasons. Instead, use DUNNO
+in order to exclude specific hosts from denylists. This feature is
+available in Postfix 2.7 and later.
+.br
+.IP "\fBcheck_reverse_client_hostname_access \fItype:table\fR\fR"
+Search the specified access database for the unverified reverse
+client hostname, parent domains, client IP address, or networks
+obtained by stripping least significant octets. See the \fBaccess\fR(5)
+manual page for details. Note: a result of "OK" is not allowed for
+safety reasons. Instead, use DUNNO in order to exclude specific
+hosts from denylists. This feature is available in Postfix 2.6
+and later.
+.br
+.IP "\fBcheck_reverse_client_hostname_a_access \fItype:table\fR\fR"
+Search the specified \fBaccess\fR(5) database for the IP addresses for the
+unverified reverse client hostname, and execute the corresponding
+action. Note: a result of "OK" is not allowed for safety reasons.
+Instead, use DUNNO in order to exclude specific hosts from denylists.
+This feature is available in Postfix 3.0 and later.
+.br
+.IP "\fBcheck_reverse_client_hostname_mx_access \fItype:table\fR\fR"
+Search the specified \fBaccess\fR(5) database for the MX hosts for the
+unverified reverse client hostname, and execute the corresponding
+action. If no MX record is found, look up A or AAAA records, just
+like the Postfix SMTP client would.
+Note: a result of "OK" is not allowed for safety reasons.
+Instead, use DUNNO in order to exclude specific hosts from denylists.
+This feature is available in Postfix 2.7 and later.
+.br
+.IP "\fBcheck_reverse_client_hostname_ns_access \fItype:table\fR\fR"
+Search the specified \fBaccess\fR(5) database for the DNS servers for
+the unverified reverse client hostname, and execute the corresponding
+action. Note: a result of "OK" is not allowed for safety reasons.
+Instead, use DUNNO in order to exclude specific hosts from denylists.
+This feature is available in Postfix 2.7 and later.
+.br
+.IP "\fBcheck_sasl_access \fItype:table\fR\fR"
+Use the remote SMTP client SASL user name as the lookup key for
+the specified \fBaccess\fR(5) database. The lookup key has the form
+"username@domainname" when the smtpd_sasl_local_domain parameter
+value is non\-empty. Unlike the check_client_access feature,
+check_sasl_access does not perform matches of parent domains or IP
+subnet ranges. This feature is available with Postfix version 2.11
+and later.
+.br
+.IP "\fBpermit_inet_interfaces\fR"
+Permit the request when the client IP address matches
+$inet_interfaces.
+.br
+.IP "\fBpermit_mynetworks\fR"
+Permit the request when the client IP address matches any
+network or network address listed in $mynetworks.
+.br
+.IP "\fBpermit_sasl_authenticated\fR"
+Permit the request when the client is successfully
+authenticated via the RFC 4954 (AUTH) protocol.
+.br
+.IP "\fBpermit_tls_all_clientcerts\fR"
+Permit the request when the remote SMTP client certificate is
+verified successfully. This option must be used only if a special
+CA issues the certificates and only this CA is listed as a trusted
+CA. Otherwise, clients with a third\-party certificate would also
+be allowed to relay. Specify "tls_append_default_CA = no" when the
+trusted CA is specified with smtpd_tls_CAfile or smtpd_tls_CApath,
+to prevent Postfix from appending the system\-supplied default CAs.
+This feature requires "smtpd_tls_ask_ccert = yes" and is available
+with Postfix version 2.2 and later.
+.br
+.IP "\fBpermit_tls_clientcerts\fR"
+Permit the request when the remote SMTP client certificate
+fingerprint or public key fingerprint (Postfix 2.9 and later) is
+listed in $relay_clientcerts.
+The fingerprint digest algorithm is configurable via the
+smtpd_tls_fingerprint_digest parameter (hard\-coded as md5 prior to
+Postfix version 2.5). This feature requires "smtpd_tls_ask_ccert
+= yes" and is available with Postfix version 2.2 and later.
+.br
+The default algorithm is \fBsha256\fR with Postfix >= 3.6
+and the \fBcompatibility_level\fR set to 3.6 or higher. With Postfix
+<= 3.5, the default algorithm is \fBmd5\fR. The best\-practice
+algorithm is now \fBsha256\fR. Recent advances in hash function
+cryptanalysis have led to md5 and sha1 being deprecated in favor of
+sha256. However, as long as there are no known "second pre\-image"
+attacks against the older algorithms, their use in this context, though
+not recommended, is still likely safe.
+.br
+.IP "\fBreject_rbl_client \fIrbl_domain=d.d.d.d\fR\fR"
+Reject the request when the reversed client network address is
+listed with the A record "\fId.d.d.d\fR" under \fIrbl_domain\fR
+(Postfix version 2.1 and later only). Each "\fId\fR" is a number,
+or a pattern inside "[]" that contains one or more ";"\-separated
+numbers or number..number ranges (Postfix version 2.8 and later).
+If no "\fI=d.d.d.d\fR" is specified, reject the request when the
+reversed client network address is listed with any A record under
+\fIrbl_domain\fR.
+.br
+The maps_rbl_reject_code parameter specifies the response code for
+rejected requests (default: 554), the default_rbl_reply parameter
+specifies the default server reply, and the rbl_reply_maps parameter
+specifies tables with server replies indexed by \fIrbl_domain\fR.
+This feature is available in Postfix 2.0 and later.
+.br
+.IP "\fBpermit_dnswl_client \fIdnswl_domain=d.d.d.d\fR\fR"
+Accept the request when the reversed client network address is
+listed with the A record "\fId.d.d.d\fR" under \fIdnswl_domain\fR.
+Each "\fId\fR" is a number, or a pattern inside "[]" that contains
+one or more ";"\-separated numbers or number..number ranges.
+If no "\fI=d.d.d.d\fR" is specified, accept the request when the
+reversed client network address is listed with any A record under
+\fIdnswl_domain\fR.
+.br
+For safety, permit_dnswl_client is silently
+ignored when it would override reject_unauth_destination. The
+result is DEFER_IF_REJECT when allowlist lookup fails. This feature
+is available in Postfix 2.8 and later.
+.br
+.IP "\fBreject_rhsbl_client \fIrbl_domain=d.d.d.d\fR\fR"
+Reject the request when the client hostname is listed with the
+A record "\fId.d.d.d\fR" under \fIrbl_domain\fR (Postfix version
+2.1 and later only). Each "\fId\fR" is a number, or a pattern
+inside "[]" that contains one or more ";"\-separated numbers or
+number..number ranges (Postfix version 2.8 and later). If no
+"\fI=d.d.d.d\fR" is specified, reject the request when the client
+hostname is listed with
+any A record under \fIrbl_domain\fR. See the reject_rbl_client
+description above for additional RBL related configuration parameters.
+This feature is available in Postfix 2.0 and later; with Postfix
+version 2.8 and later, reject_rhsbl_reverse_client will usually
+produce better results.
+.br
+.IP "\fBpermit_rhswl_client \fIrhswl_domain=d.d.d.d\fR\fR"
+Accept the request when the client hostname is listed with the
+A record "\fId.d.d.d\fR" under \fIrhswl_domain\fR. Each "\fId\fR"
+is a number, or a pattern inside "[]" that contains one or more
+";"\-separated numbers or number..number ranges. If no
+"\fI=d.d.d.d\fR" is specified, accept the request when the client
+hostname is listed with any A record under \fIrhswl_domain\fR.
+.br
+Caution: client name allowlisting is fragile, since the client
+name lookup can fail due to temporary outages. Client name
+allowlisting should be used only to reduce false positives in e.g.
+DNS\-based blocklists, and not for making access rule exceptions.
+.br
+For safety, permit_rhswl_client is silently ignored when it
+would override reject_unauth_destination. The result is DEFER_IF_REJECT
+when allowlist lookup fails. This feature is available in Postfix
+2.8 and later.
+.br
+.IP "\fBreject_rhsbl_reverse_client \fIrbl_domain=d.d.d.d\fR\fR"
+Reject the request when the unverified reverse client hostname
+is listed with the A record "\fId.d.d.d\fR" under \fIrbl_domain\fR.
+Each "\fId\fR" is a number, or a pattern inside "[]" that contains
+one or more ";"\-separated numbers or number..number ranges.
+If no "\fI=d.d.d.d\fR" is specified, reject the request when the
+unverified reverse client hostname is listed with any A record under
+\fIrbl_domain\fR. See the reject_rbl_client description above for
+additional RBL related configuration parameters. This feature is
+available in Postfix 2.8 and later.
+.br
+.IP "\fBreject_unknown_client_hostname\fR (with Postfix < 2.3: reject_unknown_client)"
+Reject the request when 1) the client IP address\->name mapping
+fails, or 2) the name\->address mapping fails, or 3) the name\->address
+mapping does not match the client IP address.
+.br
+This is a
+stronger restriction than the reject_unknown_reverse_client_hostname
+feature, which triggers only under condition 1) above.
+.br
+The
+unknown_client_reject_code parameter specifies the response code
+for rejected requests (default: 450). The reply is always 450 in
+case the address\->name or name\->address lookup failed due to
+a temporary problem.
+.br
+.IP "\fBreject_unknown_reverse_client_hostname\fR"
+Reject the request when the client IP address has no address\->name
+mapping.
+.br
+This is a weaker restriction than the
+reject_unknown_client_hostname feature, which requires not only
+that the address\->name and name\->address mappings exist, but
+also that the two mappings reproduce the client IP address.
+.br
+The unknown_client_reject_code parameter specifies the response
+code for rejected requests (default: 450). The reply is always 450
+in case the address\->name lookup failed due to a temporary
+problem.
+.br
+This feature is available in Postfix 2.3 and
+later.
+.br
+.br
+.PP
+In addition, you can use any of the following
+generic restrictions. These restrictions are applicable in
+any SMTP command context.
+.IP "\fBcheck_policy_service \fIservername\fR\fR"
+Query the specified policy server. See the SMTPD_POLICY_README
+document for details. This feature is available in Postfix 2.1
+and later.
+.br
+.IP "\fBdefer\fR"
+Defer the request. The client is told to try again later. This
+restriction is useful at the end of a restriction list, to make
+the default policy explicit.
+.br
+The defer_code parameter specifies
+the SMTP server reply code (default: 450).
+.br
+.IP "\fBdefer_if_permit\fR"
+Defer the request if some later restriction would result in an
+explicit or implicit PERMIT action. This is useful when a denylisting
+feature fails due to a temporary problem. This feature is available
+in Postfix version 2.1 and later.
+.br
+.IP "\fBdefer_if_reject\fR"
+Defer the request if some later restriction would result in a
+REJECT action. This is useful when an allowlisting feature fails
+due to a temporary problem. This feature is available in Postfix
+version 2.1 and later.
+.br
+.IP "\fBpermit\fR"
+Permit the request. This restriction is useful at the end of
+a restriction list, to make the default policy explicit.
+.br
+.IP "\fBreject_multi_recipient_bounce\fR"
+Reject the request when the envelope sender is the null address,
+and the message has multiple envelope recipients. This usage has
+rare but legitimate applications: under certain conditions,
+multi\-recipient mail that was posted with the DSN option NOTIFY=NEVER
+may be forwarded with the null sender address.
+.br
+Note: this restriction can only work reliably
+when used in smtpd_data_restrictions or
+smtpd_end_of_data_restrictions, because the total number of
+recipients is not known at an earlier stage of the SMTP conversation.
+Use at the RCPT stage will only reject the second etc. recipient.
+.br
+The multi_recipient_bounce_reject_code parameter specifies the
+response code for rejected requests (default: 550). This feature
+is available in Postfix 2.1 and later.
+.br
+.IP "\fBreject_plaintext_session\fR"
+Reject the request when the connection is not encrypted. This
+restriction should not be used before the client has had a chance
+to negotiate encryption with the AUTH or STARTTLS commands.
+.br
+The plaintext_reject_code parameter specifies the response
+code for rejected requests (default: 450). This feature is available
+in Postfix 2.3 and later.
+.br
+.IP "\fBreject_unauth_pipelining\fR"
+Reject the request when the client sends SMTP commands ahead
+of time where it is not allowed, or when the client sends SMTP
+commands ahead of time without knowing that Postfix actually supports
+ESMTP command pipelining. This stops mail from bulk mail software
+that improperly uses ESMTP command pipelining in order to speed up
+deliveries.
+.br
+With Postfix 2.6 and later, the SMTP server sets a per\-session
+flag whenever it detects illegal pipelining, including pipelined
+HELO or EHLO commands. The reject_unauth_pipelining feature simply
+tests whether the flag was set at any point in time during the
+session.
+.br
+With older Postfix versions, reject_unauth_pipelining checks
+the current status of the input read queue, and its usage is not
+recommended in contexts other than smtpd_data_restrictions.
+.br
+.IP "\fBreject\fR"
+Reject the request. This restriction is useful at the end of
+a restriction list, to make the default policy explicit. The
+reject_code configuration parameter specifies the response code for
+rejected requests (default: 554).
+.br
+.IP "\fBsleep \fIseconds\fR\fR"
+Pause for the specified number of seconds and proceed with
+the next restriction in the list, if any. This may stop zombie
+mail when used as:
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ smtpd_client_restrictions =
+ sleep 1, reject_unauth_pipelining
+ smtpd_delay_reject = no
+.fi
+.ad
+.ft R
+This feature is available in Postfix 2.3.
+.br
+.IP "\fBwarn_if_reject\fR"
+A safety net for testing. When "warn_if_reject" is placed
+before a reject\-type restriction, access table query, or
+check_policy_service query, this logs a "reject_warning" message
+instead of rejecting a request (when a reject\-type restriction fails
+due to a temporary error, this logs a "reject_warning" message for
+any implicit "defer_if_permit" actions that would normally prevent
+mail from being accepted by some later access restriction). This
+feature has no effect on defer_if_reject restrictions.
+.br
+.br
+.PP
+Other restrictions that are valid in this context:
+.IP \(bu
+SMTP command specific restrictions that are described under
+the smtpd_helo_restrictions, smtpd_sender_restrictions or
+smtpd_recipient_restrictions parameters. When helo, sender or
+recipient restrictions are listed under smtpd_client_restrictions,
+they have effect only with "smtpd_delay_reject = yes", so that
+$smtpd_client_restrictions is evaluated at the time of the RCPT TO
+command.
+.br
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtpd_client_restrictions = permit_mynetworks, reject_unknown_client_hostname
+.fi
+.ad
+.ft R
+.SH smtpd_command_filter (default: empty)
+A mechanism to transform commands from remote SMTP clients.
+This is a last\-resort tool to work around client commands that break
+interoperability with the Postfix SMTP server. Other uses involve
+fault injection to test Postfix's handling of invalid commands.
+.PP
+Specify the name of a "type:table" lookup table. The search
+string is the SMTP command as received from the remote SMTP client,
+except that initial whitespace and the trailing <CR><LF>
+are removed. The result value is executed by the Postfix SMTP
+server.
+.PP
+There is no need to use smtpd_command_filter for the following
+cases:
+.IP \(bu
+Use "resolve_numeric_domain = yes" to accept
+"\fIuser@ipaddress\fR".
+.IP \(bu
+Postfix already accepts the correct form
+"\fIuser@[ipaddress]\fR". Use virtual_alias_maps or canonical_maps
+to translate these into domain names if necessary.
+.IP \(bu
+Use "strict_rfc821_envelopes = no" to accept "RCPT TO:<\fIUser
+Name <user@example.com>>\fR". Postfix will ignore the "\fIUser
+Name\fR" part and deliver to the \fI<user@example.com>\fR address.
+.br
+.PP
+Examples of problems that can be solved with the smtpd_command_filter
+feature:
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ smtpd_command_filter = pcre:/etc/postfix/command_filter
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/command_filter:
+ # Work around clients that send malformed HELO commands.
+ /^HELO\es*$/ HELO domain.invalid
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+ # Work around clients that send empty lines.
+ /^\es*$/ NOOP
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+ # Work around clients that send RCPT TO:<'user@domain'>.
+ # WARNING: do not lose the parameters that follow the address.
+ /^(RCPT\es+TO:\es*<)'([^[:space:]]+)'(>.*)/ $1$2$3
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+ # Append XVERP to MAIL FROM commands to request VERP\-style delivery.
+ # See VERP_README for more information on how to use Postfix VERP.
+ /^(MAIL\es+FROM:\es*<listname@example\e.com>.*)/ $1 XVERP
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+ # Bounce\-never mail sink. Use notify_classes=bounce,resource,software
+ # to send bounced mail to the postmaster (with message body removed).
+ /^(RCPT\es+TO:\es*<.*>.*)\es+NOTIFY=\eS+(.*)/ $1 NOTIFY=NEVER$2
+ /^(RCPT\es+TO:.*)/ $1 NOTIFY=NEVER
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.7.
+.SH smtpd_data_restrictions (default: empty)
+Optional access restrictions that the Postfix SMTP server applies
+in the context of the SMTP DATA command.
+See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
+restriction lists" for a discussion of evaluation context and time.
+.PP
+This feature is available in Postfix 2.0 and later.
+.PP
+Specify a list of restrictions, separated by commas and/or whitespace.
+Continue long lines by starting the next line with whitespace.
+Restrictions are applied in the order as specified; the first
+restriction that matches wins.
+.PP
+The following restrictions are valid in this context:
+.IP \(bu
+Generic restrictions that can be used
+in any SMTP command context, described under smtpd_client_restrictions.
+.IP \(bu
+SMTP command specific restrictions described under
+smtpd_client_restrictions, smtpd_helo_restrictions,
+smtpd_sender_restrictions or smtpd_recipient_restrictions.
+.IP \(bu
+However, no recipient information is available in the case of
+multi\-recipient mail. Acting on only one recipient would be misleading,
+because any decision will affect all recipients equally. Acting on
+all recipients would require a possibly very large amount of memory,
+and would also be misleading for the reasons mentioned before.
+.br
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+smtpd_data_restrictions = reject_unauth_pipelining
+smtpd_data_restrictions = reject_multi_recipient_bounce
+.fi
+.ad
+.ft R
+.SH smtpd_delay_open_until_valid_rcpt (default: yes)
+Postpone the start of an SMTP mail transaction until a valid
+RCPT TO command is received. Specify "no" to create a mail transaction
+as soon as the Postfix SMTP server receives a valid MAIL FROM
+command.
+.PP
+With sites that reject lots of mail, the default setting reduces
+the use of
+disk, CPU and memory resources. The downside is that rejected
+recipients are logged with NOQUEUE instead of a mail transaction
+ID. This complicates the logfile analysis of multi\-recipient mail.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH smtpd_delay_reject (default: yes)
+Wait until the RCPT TO command before evaluating
+$smtpd_client_restrictions, $smtpd_helo_restrictions and
+$smtpd_sender_restrictions, or wait until the ETRN command before
+evaluating $smtpd_client_restrictions and $smtpd_helo_restrictions.
+.PP
+This feature is turned on by default because some clients apparently
+mis\-behave when the Postfix SMTP server rejects commands before
+RCPT TO.
+.PP
+The default setting has one major benefit: it allows Postfix to log
+recipient address information when rejecting a client name/address
+or sender address, so that it is possible to find out whose mail
+is being rejected.
+.SH smtpd_discard_ehlo_keyword_address_maps (default: empty)
+Lookup tables, indexed by the remote SMTP client address, with
+case insensitive lists of EHLO keywords (pipelining, starttls, auth,
+etc.) that the Postfix SMTP server will not send in the EHLO response
+to a
+remote SMTP client. See smtpd_discard_ehlo_keywords for details.
+The tables are not searched by hostname for robustness reasons.
+.PP
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtpd_discard_ehlo_keywords (default: empty)
+A case insensitive list of EHLO keywords (pipelining, starttls,
+auth, etc.) that the Postfix SMTP server will not send in the EHLO
+response
+to a remote SMTP client.
+.PP
+This feature is available in Postfix 2.2 and later.
+.PP
+Notes:
+.IP \(bu
+Specify the \fBsilent\-discard\fR pseudo keyword to prevent
+this action from being logged.
+.IP \(bu
+Use the smtpd_discard_ehlo_keyword_address_maps feature
+to discard EHLO keywords selectively.
+.br
+.SH smtpd_dns_reply_filter (default: empty)
+Optional filter for Postfix SMTP server DNS lookup results.
+See smtp_dns_reply_filter for details including an example.
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH smtpd_end_of_data_restrictions (default: empty)
+Optional access restrictions that the Postfix SMTP server
+applies in the context of the SMTP END\-OF\-DATA command.
+See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
+restriction lists" for a discussion of evaluation context and time.
+.PP
+This feature is available in Postfix 2.2 and later.
+.PP
+See smtpd_data_restrictions for details and limitations.
+.SH smtpd_enforce_tls (default: no)
+Mandatory TLS: announce STARTTLS support to remote SMTP clients,
+and require that clients use TLS encryption. According to RFC 2487
+this MUST NOT be applied in case of a publicly\-referenced SMTP
+server. This option is therefore off by default.
+.PP
+Note 1: "smtpd_enforce_tls = yes" implies "smtpd_tls_auth_only = yes".
+.PP
+Note 2: when invoked via "\fBsendmail \-bs\fR", Postfix will never offer
+STARTTLS due to insufficient privileges to access the server private
+key. This is intended behavior.
+.PP
+This feature is available in Postfix 2.2 and later. With
+Postfix 2.3 and later use smtpd_tls_security_level instead.
+.SH smtpd_error_sleep_time (default: 1s)
+With Postfix version 2.1 and later: the SMTP server response delay after
+a client has made more than $smtpd_soft_error_limit errors, and
+fewer than $smtpd_hard_error_limit errors, without delivering mail.
+.PP
+With Postfix version 2.0 and earlier: the SMTP server delay
+before sending a reject (4xx or 5xx) response, when the client has
+made fewer than $smtpd_soft_error_limit errors without delivering
+mail. When the client has made $smtpd_soft_error_limit or more errors,
+delay all responses with the larger of (number of errors) seconds
+or $smtpd_error_sleep_time.
+.PP
+Specify a non\-negative time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH smtpd_etrn_restrictions (default: empty)
+Optional restrictions that the Postfix SMTP server applies in the
+context of a client ETRN command.
+See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
+restriction lists" for a discussion of evaluation context and time.
+.PP
+The Postfix ETRN implementation accepts only destinations that are
+eligible for the Postfix "fast flush" service. See the ETRN_README
+file for details.
+.PP
+Specify a list of restrictions, separated by commas and/or whitespace.
+Continue long lines by starting the next line with whitespace.
+Restrictions are applied in the order as specified; the first
+restriction that matches wins.
+.PP
+The following restrictions are specific to the domain name information
+received with the ETRN command.
+.IP "\fBcheck_etrn_access \fItype:table\fR\fR"
+Search the specified access database for the ETRN domain name
+or its parent domains. See the \fBaccess\fR(5) manual page for details.
+.br
+.br
+.PP
+Other restrictions that are valid in this context:
+.IP \(bu
+Generic restrictions that can be used
+in any SMTP command context, described under smtpd_client_restrictions.
+.IP \(bu
+SMTP command specific restrictions described under
+smtpd_client_restrictions and smtpd_helo_restrictions.
+.br
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtpd_etrn_restrictions = permit_mynetworks, reject
+.fi
+.ad
+.ft R
+.SH smtpd_expansion_filter (default: see "postconf \-d" output)
+What characters are allowed in $name expansions of RBL reply
+templates. Characters not in the allowed set are replaced by "_".
+Use C like escapes to specify special characters such as whitespace.
+.PP
+The smtpd_expansion_filter value is not subject to Postfix configuration
+parameter $name expansion.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH smtpd_forbid_bare_newline (default: Postfix < 3.9: no)
+Reject or restrict input lines from an SMTP client that end in
+<LF> instead of the standard <CR><LF>. Such line
+endings are commonly allowed with UNIX\-based SMTP servers, but they
+violate RFC 5321, and allowing such line endings can make a server
+vulnerable to
+SMTP smuggling.
+.PP
+Specify one of the following values (case does not matter):
+.IP "\fBnormalize\fR"
+Require the standard
+End\-of\-DATA sequence <CR><LF>.<CR><LF>.
+Otherwise, allow command or message content lines ending in the
+non\-standard <LF>, and process them as if the client sent the
+standard <CR><LF>.
+.br
+.br
+This maintains compatibility
+with many legitimate SMTP client applications that send a mix of
+standard and non\-standard line endings, but will fail to receive
+email from client implementations that do not terminate DATA content
+with the standard End\-of\-DATA sequence
+<CR><LF>.<CR><LF>.
+.br
+.br
+Such clients
+can be excluded with smtpd_forbid_bare_newline_exclusions.
+.br
+.IP "\fByes\fR"
+Compatibility alias for \fBnormalize\fR.
+.br
+.IP "\fBreject\fR"
+Require the standard End\-of\-DATA
+sequence <CR><LF>.<CR><LF>. Reject a command
+or message content when a line contains bare <LF>, log a "bare
+<LF> received" error, and reply with the SMTP status code in
+$smtpd_forbid_bare_newline_reject_code.
+.br
+.br
+This will reject
+email from SMTP clients that send any non\-standard line endings
+such as web applications, netcat, or load balancer health checks.
+.br
+.br
+This will also reject email from services that use BDAT
+to send MIME text containing a bare newline (RFC 3030 Section 3
+requires canonical MIME format for text message types, defined in
+RFC 2045 Sections 2.7 and 2.8).
+.br
+.br
+Such clients can be
+excluded with smtpd_forbid_bare_newline_exclusions (or, in the case
+of BDAT violations, BDAT can be selectively disabled with
+smtpd_discard_ehlo_keyword_address_maps, or globally disabled with
+smtpd_discard_ehlo_keywords).
+.br
+.IP "\fBno\fR (default)"
+Do not require the standard
+End\-of\-DATA
+sequence <CR><LF>.<CR><LF>. Always process
+a bare <LF> as if the client sent <CR><LF>. This
+option is fully backwards compatible, but is not recommended for
+an Internet\-facing SMTP server, because it is vulnerable to SMTP smuggling.
+.br
+.br
+.PP
+Recommended settings:
+.sp
+.in +4
+.nf
+.na
+.ft C
+# Require the standard End\-of\-DATA sequence <CR><LF>.<CR><LF>.
+# Otherwise, allow bare <LF> and process it as if the client sent
+# <CR><LF>.
+#
+# This maintains compatibility with many legitimate SMTP client
+# applications that send a mix of standard and non\-standard line
+# endings, but will fail to receive email from client implementations
+# that do not terminate DATA content with the standard End\-of\-DATA
+# sequence <CR><LF>.<CR><LF>.
+#
+# Such clients can be allowlisted with smtpd_forbid_bare_newline_exclusions.
+# The example below allowlists SMTP clients in trusted networks.
+#
+smtpd_forbid_bare_newline = normalize
+smtpd_forbid_bare_newline_exclusions = $mynetworks
+.fi
+.ad
+.ft R
+.in -4
+.PP
+Alternative:
+.sp
+.in +4
+.nf
+.na
+.ft C
+# Reject input lines that contain <LF> and log a "bare <LF> received"
+# error. Require that input lines end in <CR><LF>, and require the
+# standard End\-of\-DATA sequence <CR><LF>.<CR><LF>.
+#
+# This will reject email from SMTP clients that send any non\-standard
+# line endings such as web applications, netcat, or load balancer
+# health checks.
+#
+# This will also reject email from services that use BDAT to send
+# MIME text containing a bare newline (RFC 3030 Section 3 requires
+# canonical MIME format for text message types, defined in RFC 2045
+# Sections 2.7 and 2.8).
+#
+# Such clients can be allowlisted with smtpd_forbid_bare_newline_exclusions.
+# The example below allowlists SMTP clients in trusted networks.
+#
+smtpd_forbid_bare_newline = reject
+smtpd_forbid_bare_newline_exclusions = $mynetworks
+#
+# Alternatively, in the case of BDAT violations, BDAT can be selectively
+# disabled with smtpd_discard_ehlo_keyword_address_maps, or globally
+# disabled with smtpd_discard_ehlo_keywords.
+#
+# smtpd_discard_ehlo_keyword_address_maps = cidr:/path/to/file
+# /path/to/file:
+# 10.0.0.0/24 chunking, silent\-discard
+# smtpd_discard_ehlo_keywords = chunking, silent\-discard
+.fi
+.ad
+.ft R
+.in -4
+.PP
+This feature with settings \fByes\fR and \fBno\fR is available
+in Postfix 3.8.4, 3.7.9, 3.6.13, and 3.5.23. Additionally, the
+settings \fBreject\fR, and \fBnormalize\fR are available with
+Postfix >= 3.9, 3.8.5, 3.7.10, 3.6.14, and 3.5.24.
+.SH smtpd_forbid_bare_newline_exclusions (default: $mynetworks)
+Exclude the specified clients from smtpd_forbid_bare_newline
+enforcement. This setting uses the same syntax and parent\-domain
+matching behavior as mynetworks.
+.PP
+This feature is available in Postfix >= 3.9, 3.8.4, 3.7.9,
+3.6.13, and 3.5.23.
+.SH smtpd_forbid_bare_newline_reject_code (default: 550)
+The numerical Postfix SMTP server response code when rejecting a
+request with "smtpd_forbid_bare_newline = reject".
+Specify a 5XX status code (521 to disconnect).
+.PP
+This feature is available in Postfix >= 3.9, 3.8.5, 3.7.10,
+3.6.14, and 3.5.24.
+.SH smtpd_forbid_unauth_pipelining (default: Postfix >= 3.9: yes)
+Disconnect remote SMTP clients that violate RFC 2920 (or 5321)
+command pipelining constraints. The server replies with "554 5.5.0
+Error: SMTP protocol synchronization" and logs the unexpected remote
+SMTP client input. Specify "smtpd_forbid_unauth_pipelining = yes"
+to enable. This feature is enabled by default with Postfix >=
+3.9.
+.PP
+This feature is available in Postfix >= 3.9, 3.8.1, 3.7.6,
+3.6.10, and 3.5.20.
+.SH smtpd_forbidden_commands (default: CONNECT GET POST regexp:{{/^[^A\-Z]/ Bogus}})
+List of commands that cause the Postfix SMTP server to immediately
+terminate the session with a 221 code. This can be used to disconnect
+clients that obviously attempt to abuse the system. In addition to the
+commands listed in this parameter, commands that follow the "Label:"
+format of message headers will also cause a disconnect. With Postfix
+versions 3.6 and earlier, the default value is "CONNECT GET POST".
+.PP
+This feature is available in Postfix 2.2 and later.
+.PP
+Support for inline regular expressions was added in Postfix version
+3.7. See \fBregexp_table\fR(5) for a description of the syntax and features.
+.SH smtpd_hard_error_limit (default: normal: 20, overload: 1)
+The maximal number of errors a remote SMTP client is allowed to
+make without delivering mail. The Postfix SMTP server disconnects
+when the limit is reached. Normally the default limit is 20, but
+it changes under overload to just 1. With Postfix 2.5 and earlier,
+the SMTP server always allows up to 20 errors by default.
+Valid values are greater than zero.
+.SH smtpd_helo_required (default: no)
+Require that a remote SMTP client introduces itself with the HELO
+or EHLO command before sending the MAIL command or other commands
+that require EHLO negotiation.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtpd_helo_required = yes
+.fi
+.ad
+.ft R
+.SH smtpd_helo_restrictions (default: empty)
+Optional restrictions that the Postfix SMTP server applies in the
+context of a client HELO command.
+See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
+restriction lists" for a discussion of evaluation context and time.
+.PP
+The default is to permit everything.
+.PP
+Note: specify "smtpd_helo_required = yes" to fully enforce this
+restriction (without "smtpd_helo_required = yes", a client can
+simply skip smtpd_helo_restrictions by not sending HELO or EHLO).
+.PP
+Specify a list of restrictions, separated by commas and/or whitespace.
+Continue long lines by starting the next line with whitespace.
+Restrictions are applied in the order as specified; the first
+restriction that matches wins.
+.PP
+The following restrictions are specific to the hostname information
+received with the HELO or EHLO command.
+.IP "\fBcheck_helo_access \fItype:table\fR\fR"
+Search the specified \fBaccess\fR(5) database for the HELO or EHLO
+hostname or parent domains, and execute the corresponding action.
+Note: specify "smtpd_helo_required = yes" to fully enforce this
+restriction (without "smtpd_helo_required = yes", a client can
+simply skip check_helo_access by not sending HELO or EHLO).
+.br
+.IP "\fBcheck_helo_a_access \fItype:table\fR\fR"
+Search the specified \fBaccess\fR(5) database for the IP addresses for
+the HELO or EHLO hostname, and execute the corresponding action.
+Note 1: a result of "OK" is not allowed for safety reasons. Instead,
+use DUNNO in order to exclude specific hosts from denylists. Note
+2: specify "smtpd_helo_required = yes" to fully enforce this
+restriction (without "smtpd_helo_required = yes", a client can
+simply skip check_helo_a_access by not sending HELO or EHLO). This
+feature is available in Postfix 3.0 and later.
+.br
+.IP "\fBcheck_helo_mx_access \fItype:table\fR\fR"
+Search the specified \fBaccess\fR(5) database for the MX hosts for
+the HELO or EHLO hostname, and execute the corresponding action.
+If no MX record is found, look up A or AAAA records, just like the
+Postfix SMTP client would.
+Note 1: a result of "OK" is not allowed for safety reasons. Instead,
+use DUNNO in order to exclude specific hosts from denylists. Note
+2: specify "smtpd_helo_required = yes" to fully enforce this
+restriction (without "smtpd_helo_required = yes", a client can
+simply skip check_helo_mx_access by not sending HELO or EHLO). This
+feature is available in Postfix 2.1 and later.
+.br
+.IP "\fBcheck_helo_ns_access \fItype:table\fR\fR"
+Search the specified \fBaccess\fR(5) database for the DNS servers
+for the HELO or EHLO hostname, and execute the corresponding action.
+Note 1: a result of "OK" is not allowed for safety reasons. Instead,
+use DUNNO in order to exclude specific hosts from denylists. Note
+2: specify "smtpd_helo_required = yes" to fully enforce this
+restriction (without "smtpd_helo_required = yes", a client can
+simply skip check_helo_ns_access by not sending HELO or EHLO). This
+feature is available in Postfix 2.1 and later.
+.br
+.IP "\fBreject_invalid_helo_hostname\fR (with Postfix < 2.3: reject_invalid_hostname)"
+Reject the request when the HELO or EHLO hostname is malformed.
+Note: specify "smtpd_helo_required = yes" to fully enforce
+this restriction (without "smtpd_helo_required = yes", a client can simply
+skip reject_invalid_helo_hostname by not sending HELO or EHLO).
+.br
+The invalid_hostname_reject_code specifies the response code
+for rejected requests (default: 501).
+.br
+.IP "\fBreject_non_fqdn_helo_hostname\fR (with Postfix < 2.3: reject_non_fqdn_hostname)"
+Reject the request when the HELO or EHLO hostname is not in
+fully\-qualified domain or address literal form, as required by the
+RFC. Note: specify
+"smtpd_helo_required = yes" to fully enforce this restriction
+(without "smtpd_helo_required = yes", a client can simply skip
+reject_non_fqdn_helo_hostname by not sending HELO or EHLO).
+.br
+The non_fqdn_reject_code parameter specifies the response code for
+rejected requests (default: 504).
+.br
+.IP "\fBreject_rhsbl_helo \fIrbl_domain=d.d.d.d\fR\fR"
+Reject the request when the HELO or EHLO hostname is
+listed with the A record "\fId.d.d.d\fR" under \fIrbl_domain\fR
+(Postfix version 2.1 and later only). Each "\fId\fR" is a number,
+or a pattern inside "[]" that contains one or more ";"\-separated
+numbers or number..number ranges (Postfix version 2.8 and later).
+If no "\fI=d.d.d.d\fR" is
+specified, reject the request when the HELO or EHLO hostname is
+listed with any A record under \fIrbl_domain\fR. See the
+reject_rbl_client description for additional RBL related configuration
+parameters. Note: specify "smtpd_helo_required = yes" to fully
+enforce this restriction (without "smtpd_helo_required = yes", a
+client can simply skip reject_rhsbl_helo by not sending HELO or
+EHLO). This feature is available in Postfix 2.0
+and later.
+.br
+.IP "\fBreject_unknown_helo_hostname\fR (with Postfix < 2.3: reject_unknown_hostname)"
+Reject the request when the HELO or EHLO hostname has no DNS A
+or MX record.
+.br
+The reply is specified with the
+unknown_hostname_reject_code parameter (default: 450) or
+unknown_helo_hostname_tempfail_action (default: defer_if_permit).
+See the respective parameter descriptions for details.
+.br
+Note: specify "smtpd_helo_required = yes" to fully
+enforce this restriction (without "smtpd_helo_required = yes", a
+client can simply skip reject_unknown_helo_hostname by not sending
+HELO or EHLO).
+.br
+.br
+.PP
+Other restrictions that are valid in this context:
+.IP \(bu
+Generic restrictions that can be used
+in any SMTP command context, described under smtpd_client_restrictions.
+.IP \(bu
+Client hostname or network address specific restrictions
+described under smtpd_client_restrictions.
+.IP \(bu
+SMTP command specific restrictions described under
+smtpd_sender_restrictions or smtpd_recipient_restrictions. When
+sender or recipient restrictions are listed under smtpd_helo_restrictions,
+they have effect only with "smtpd_delay_reject = yes", so that
+$smtpd_helo_restrictions is evaluated at the time of the RCPT TO
+command.
+.br
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname
+smtpd_helo_restrictions = permit_mynetworks, reject_unknown_helo_hostname
+.fi
+.ad
+.ft R
+.SH smtpd_history_flush_threshold (default: 100)
+The maximal number of lines in the Postfix SMTP server command history
+before it is flushed upon receipt of EHLO, RSET, or end of DATA.
+.SH smtpd_junk_command_limit (default: normal: 100, overload: 1)
+The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote
+SMTP client can send before the Postfix SMTP server starts to
+increment the error counter with each junk command. The junk
+command count is reset after mail is delivered. See also the
+smtpd_error_sleep_time and smtpd_soft_error_limit configuration
+parameters. Normally the default limit is 100, but it changes under
+overload to just 1. With Postfix 2.5 and earlier, the SMTP server
+always allows up to 100 junk commands by default.
+.SH smtpd_log_access_permit_actions (default: empty)
+Enable logging of the named "permit" actions in SMTP server
+access lists (by default, the SMTP server logs "reject" actions but
+not "permit" actions). This feature does not affect conditional
+actions such as "defer_if_permit".
+.PP
+Specify a list of "permit" action names, "/file/name" or
+"type:table" patterns, separated by commas and/or whitespace. The
+list is matched left to right, and the search stops on the first
+match. A "/file/name" pattern is replaced by its contents; a
+"type:table" lookup table is matched when a name matches a lookup
+key (the lookup result is ignored). Continue long lines by starting
+the next line with whitespace. Specify "!pattern" to exclude a name
+from the list.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ # Log all "permit" actions.
+ smtpd_log_access_permit_actions = static:all
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ # Log "permit_dnswl_client" only.
+ smtpd_log_access_permit_actions = permit_dnswl_client
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.10 and later.
+.SH smtpd_milter_maps (default: empty)
+Lookup tables with Milter settings per remote SMTP client IP
+address. The lookup result overrides the smtpd_milters setting,
+and has the same syntax.
+.PP
+Note: lookup tables cannot return empty responses. Specify a
+lookup result of DISABLE (case does not matter) to indicate that
+Milter support should be disabled.
+.PP
+Example to disable Milters for local clients:
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ smtpd_milter_maps = cidr:/etc/postfix/smtpd_milter_map
+ smtpd_milters = inet:host:port, { inet:host:port, ... }, ...
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/smtpd_milter_map:
+ # Disable Milters for local clients.
+ 127.0.0.0/8 DISABLE
+ 192.168.0.0/16 DISABLE
+ ::/64 DISABLE
+ 2001:db8::/32 DISABLE
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 3.2 and later.
+.SH smtpd_milters (default: empty)
+A list of Milter (mail filter) applications for new mail that
+arrives via the Postfix \fBsmtpd\fR(8) server. Specify space or comma as
+separator. See the MILTER_README document for details.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH smtpd_min_data_rate (default: 500)
+The minimum plaintext data transfer rate in bytes/second for
+DATA and BDAT requests, when deadlines are enabled with
+smtpd_per_request_deadline. After a read operation transfers N
+plaintext message bytes (possibly after TLS decryption), and after
+the DATA or BDAT request deadline is decremented by the elapsed
+time of that read operation, the DATA or BDAT request deadline is
+incremented by N/smtpd_min_data_rate seconds. However, the deadline
+will never be incremented beyond the time limit specified with
+smtpd_timeout.
+.PP
+This feature is available in Postfix 3.7 and later.
+.SH smtpd_noop_commands (default: empty)
+List of commands that the Postfix SMTP server replies to with "250
+Ok", without doing any syntax checks and without changing state.
+This list overrides any commands built into the Postfix SMTP server.
+.SH smtpd_null_access_lookup_key (default: <>)
+The lookup key to be used in SMTP \fBaccess\fR(5) tables instead of the
+null sender address.
+.SH smtpd_peername_lookup (default: yes)
+Attempt to look up the remote SMTP client hostname, and verify that
+the name matches the client IP address. A client name is set to
+"unknown" when it cannot be looked up or verified, or when name
+lookup is disabled. Turning off name lookup reduces delays due to
+DNS lookup and increases the maximal inbound delivery rate.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH smtpd_per_record_deadline (default: normal: no, overload: yes)
+Change the behavior of the smtpd_timeout and smtpd_starttls_timeout
+time limits, from a
+time limit per read or write system call, to a time limit to send
+or receive a complete record (an SMTP command line, SMTP response
+line, SMTP message content line, or TLS protocol message). This
+limits the impact from hostile peers that trickle data one byte at
+a time.
+.PP
+Note: when per\-record deadlines are enabled, a short timeout
+may cause problems with TLS over very slow network connections.
+The reasons are that a TLS protocol message can be up to 16 kbytes
+long (with TLSv1), and that an entire TLS protocol message must be
+sent or received within the per\-record deadline.
+.PP
+This feature is available in Postfix 2.9\-3.6. With older
+Postfix releases, the behavior is as if this parameter is set to
+"no". Postfix 3.7 and later use smtpd_per_request_deadline.
+.SH smtpd_per_request_deadline (default: normal: no, overload: yes)
+Change the behavior of the smtpd_timeout and smtpd_starttls_timeout
+time limits, from a time limit per plaintext or TLS read or write
+call, to a combined time limit for receiving a complete SMTP request
+and for sending a complete SMTP response. The deadline limits only
+the time spent waiting for plaintext or TLS read or write calls,
+not time spent elsewhere. The per\-request deadline limits the impact
+from hostile peers that trickle data one byte at a time.
+.PP
+See smtpd_min_data_rate for how the per\-request deadline is
+managed during the DATA and BDAT phase.
+.PP
+Note: when per\-request deadlines are enabled, a short time limit
+may cause problems with TLS over very slow network connections. The
+reason is that a TLS protocol message can be up to 16 kbytes long
+(with TLSv1), and that an entire TLS protocol message must be
+transferred within the per\-request deadline.
+.PP
+This feature is available in Postfix 3.7 and later. A weaker
+feature, called smtpd_per_record_deadline, is available with Postfix
+2.9\-3.6. With older Postfix releases, the behavior is as if this
+parameter is set to "no".
+.PP
+This feature is available in Postfix 3.7 and later.
+.SH smtpd_policy_service_default_action (default: 451 4.3.5 Server configuration problem)
+The default action when an SMTPD policy service request fails.
+Specify "DUNNO" to behave as if the failed SMTPD policy service
+request was not sent, and to continue processing other access
+restrictions, if any.
+.PP
+Limitations:
+.IP \(bu
+This parameter may specify any value that would be a valid
+SMTPD policy server response (or \fBaccess\fR(5) map lookup result). An
+\fBaccess\fR(5) map or policy server in this parameter value may need to
+be declared in advance with a restriction_class setting.
+.IP \(bu
+If the specified action invokes another check_policy_service
+request, that request will have the built\-in default action.
+.br
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH smtpd_policy_service_max_idle (default: 300s)
+The time after which an idle SMTPD policy service connection is
+closed.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH smtpd_policy_service_max_ttl (default: 1000s)
+The time after which an active SMTPD policy service connection is
+closed.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH smtpd_policy_service_policy_context (default: empty)
+Optional information that the Postfix SMTP server specifies in
+the "policy_context" attribute of a policy service request (originally,
+to share the same service endpoint among multiple check_policy_service
+clients).
+.PP
+This feature is available in Postfix 3.1 and later.
+.SH smtpd_policy_service_request_limit (default: 0)
+The maximal number of requests per SMTPD policy service connection,
+or zero (no limit). Once a connection reaches this limit, the
+connection is closed and the next request will be sent over a new
+connection. This is a workaround to avoid error\-recovery delays
+with policy servers that cannot maintain a persistent connection.
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH smtpd_policy_service_retry_delay (default: 1s)
+The delay between attempts to resend a failed SMTPD policy
+service request. Specify a value greater than zero.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH smtpd_policy_service_timeout (default: 100s)
+The time limit for connecting to, writing to, or receiving from a
+delegated SMTPD policy server.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH smtpd_policy_service_try_limit (default: 2)
+The maximal number of attempts to send an SMTPD policy service
+request before giving up. Specify a value greater than zero.
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH smtpd_proxy_ehlo (default: $myhostname)
+How the Postfix SMTP server announces itself to the proxy filter.
+By default, the Postfix hostname is used.
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH smtpd_proxy_filter (default: empty)
+The hostname and TCP port of the mail filtering proxy server.
+The proxy receives all mail from the Postfix SMTP server, and is
+supposed to give the result to another Postfix SMTP server process.
+.PP
+Specify "host:port" or "inet:host:port" for a TCP endpoint, or
+"unix:pathname" for a UNIX\-domain endpoint. The host can be specified
+as an IP address or as a symbolic name; no MX lookups are done.
+When no "host" or "host:" is specified, the local machine is
+assumed. Pathname interpretation is relative to the Postfix queue
+directory.
+.PP
+This feature is available in Postfix 2.1 and later.
+.PP
+The "inet:" and "unix:" prefixes are available in Postfix 2.3
+and later.
+.SH smtpd_proxy_options (default: empty)
+List of options that control how the Postfix SMTP server
+communicates with a before\-queue content filter. Specify zero or
+more of the following, separated by comma or whitespace.
+.IP "\fBspeed_adjust\fR"
+Do not connect to a before\-queue content filter until an entire
+message has been received. This reduces the number of simultaneous
+before\-queue content filter processes.
+.PP
+NOTE 1: A filter must not \fIselectively\fR reject recipients
+of a multi\-recipient message. Rejecting all recipients is OK, as
+is accepting all recipients.
+.PP
+NOTE 2: This feature increases the minimum amount of free queue
+space by $message_size_limit. The extra space is needed to save the
+message to a temporary file.
+.br
+.br
+.PP
+This feature is available in Postfix 2.7 and later.
+.SH smtpd_proxy_timeout (default: 100s)
+The time limit for connecting to a proxy filter and for sending or
+receiving information. When a connection fails the client gets a
+generic error message while more detailed information is logged to
+the maillog file.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH smtpd_recipient_limit (default: 1000)
+The maximal number of recipients that the Postfix SMTP server
+accepts per message delivery request.
+.SH smtpd_recipient_overshoot_limit (default: 1000)
+The number of recipients that a remote SMTP client can send in
+excess of the limit specified with $smtpd_recipient_limit, before
+the Postfix SMTP server increments the per\-session error count
+for each excess recipient.
+.SH smtpd_recipient_restrictions (default: see "postconf \-d" output)
+Optional restrictions that the Postfix SMTP server applies in the
+context of a client RCPT TO command, after smtpd_relay_restrictions.
+See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
+restriction lists" for a discussion of evaluation context and time.
+.PP
+With Postfix versions before 2.10, the rules for relay permission
+and spam blocking were combined under smtpd_recipient_restrictions,
+resulting in error\-prone configuration. As of Postfix 2.10, relay
+permission rules are preferably implemented with smtpd_relay_restrictions,
+so that a permissive spam blocking policy under
+smtpd_recipient_restrictions will no longer result in a permissive
+mail relay policy.
+.PP
+For backwards compatibility, sites that migrate from Postfix
+versions before 2.10 can set smtpd_relay_restrictions to the empty
+value, and use smtpd_recipient_restrictions exactly as before.
+.PP
+IMPORTANT: Either the smtpd_relay_restrictions or the
+smtpd_recipient_restrictions parameter must specify
+at least one of the following restrictions. Otherwise Postfix will
+refuse to receive mail:
+.sp
+.in +4
+.nf
+.na
+.ft C
+reject, reject_unauth_destination
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+defer, defer_if_permit, defer_unauth_destination
+.fi
+.ad
+.ft R
+.in -4
+.PP
+Specify a list of restrictions, separated by commas and/or whitespace.
+Continue long lines by starting the next line with whitespace.
+Restrictions are applied in the order as specified; the first
+restriction that matches wins.
+.PP
+The following restrictions are specific to the recipient address
+that is received with the RCPT TO command.
+.IP "\fBcheck_recipient_access \fItype:table\fR\fR"
+Search the specified \fBaccess\fR(5) database for the resolved RCPT
+TO address, domain, parent domains, or localpart@, and execute the
+corresponding action.
+.br
+.IP "\fBcheck_recipient_a_access \fItype:table\fR\fR"
+Search the specified \fBaccess\fR(5) database for the IP addresses for
+the RCPT TO domain, and execute the corresponding action. Note:
+a result of "OK" is not allowed for safety reasons. Instead, use
+DUNNO in order to exclude specific hosts from denylists. This
+feature is available in Postfix 3.0 and later.
+.br
+.IP "\fBcheck_recipient_mx_access \fItype:table\fR\fR"
+Search the specified \fBaccess\fR(5) database for the MX hosts for
+the RCPT TO domain, and execute the corresponding action. If no
+MX record is found, look up A or AAAA records, just like the Postfix
+SMTP client would. Note:
+a result of "OK" is not allowed for safety reasons. Instead, use
+DUNNO in order to exclude specific hosts from denylists. This
+feature is available in Postfix 2.1 and later.
+.br
+.IP "\fBcheck_recipient_ns_access \fItype:table\fR\fR"
+Search the specified \fBaccess\fR(5) database for the DNS servers
+for the RCPT TO domain, and execute the corresponding action.
+Note: a result of "OK" is not allowed for safety reasons. Instead,
+use DUNNO in order to exclude specific hosts from denylists. This
+feature is available in Postfix 2.1 and later.
+.br
+.IP "\fBpermit_auth_destination\fR"
+Permit the request when one of the following is true:
+.IP \(bu
+Postfix is a mail forwarder: the resolved RCPT TO domain matches
+$relay_domains or a subdomain thereof, and the address contains no
+sender\-specified routing (user@elsewhere@domain),
+.IP \(bu
+Postfix is the final destination: the resolved RCPT TO domain
+matches $mydestination, $inet_interfaces, $proxy_interfaces,
+$virtual_alias_domains, or $virtual_mailbox_domains, and the address
+contains no sender\-specified routing (user@elsewhere@domain).
+.br
+.br
+.IP "\fBpermit_mx_backup\fR"
+Permit the request when the local mail system is a backup MX for
+the RCPT TO domain, or when the domain is an authorized destination
+(see permit_auth_destination for definition).
+.IP \(bu
+Safety: permit_mx_backup does not accept addresses that have
+sender\-specified routing information (example: user@elsewhere@domain).
+.IP \(bu
+Safety: permit_mx_backup can be vulnerable to mis\-use when
+access is not restricted with permit_mx_backup_networks.
+.IP \(bu
+Safety: as of Postfix version 2.3, permit_mx_backup no longer
+accepts the address when the local mail system is a primary MX for
+the recipient domain. Exception: permit_mx_backup accepts the address
+when it specifies an authorized destination (see permit_auth_destination
+for definition).
+.IP \(bu
+Limitation: mail may be rejected in case of a temporary DNS
+lookup problem with Postfix prior to version 2.0.
+.br
+.br
+.IP "\fBreject_non_fqdn_recipient\fR"
+Reject the request when the RCPT TO address specifies a
+domain that is not in
+fully\-qualified domain form, as required by the RFC.
+.br
+The
+non_fqdn_reject_code parameter specifies the response code for
+rejected requests (default: 504).
+.br
+.IP "\fBreject_rhsbl_recipient \fIrbl_domain=d.d.d.d\fR\fR"
+Reject the request when the RCPT TO domain is listed with the
+A record "\fId.d.d.d\fR" under \fIrbl_domain\fR (Postfix version
+2.1 and later only). Each "\fId\fR" is a number, or a pattern
+inside "[]" that contains one or more ";"\-separated numbers or
+number..number ranges (Postfix version 2.8 and later). If no
+"\fI=d.d.d.d\fR" is specified, reject
+the request when the RCPT TO domain is listed with
+any A record under \fIrbl_domain\fR.
+.br
+The maps_rbl_reject_code
+parameter specifies the response code for rejected requests (default:
+554); the default_rbl_reply parameter specifies the default server
+reply; and the rbl_reply_maps parameter specifies tables with server
+replies indexed by \fIrbl_domain\fR. This feature is available
+in Postfix version 2.0 and later.
+.br
+.IP "\fBreject_unauth_destination\fR"
+Reject the request unless one of the following is true:
+.IP \(bu
+Postfix is a mail forwarder: the resolved RCPT TO domain matches
+$relay_domains or a subdomain thereof, and contains no sender\-specified
+routing (user@elsewhere@domain),
+.IP \(bu
+Postfix is the final destination: the resolved RCPT TO domain
+matches $mydestination, $inet_interfaces, $proxy_interfaces,
+$virtual_alias_domains, or $virtual_mailbox_domains, and contains
+no sender\-specified routing (user@elsewhere@domain).
+.br
+The relay_domains_reject_code parameter specifies the response
+code for rejected requests (default: 554).
+.br
+.IP "\fBdefer_unauth_destination\fR"
+Reject the same requests as reject_unauth_destination, with a
+non\-permanent error code. This feature is available in Postfix
+2.10 and later.
+.br
+.IP "\fBreject_unknown_recipient_domain\fR"
+Reject the request when Postfix is not final destination for
+the recipient domain, and the RCPT TO domain has 1) no DNS MX and
+no DNS A
+record or 2) a malformed MX record such as a record with
+a zero\-length MX hostname (Postfix version 2.3 and later).
+.br
+The
+reply is specified with the unknown_address_reject_code parameter
+(default: 450), unknown_address_tempfail_action (default:
+defer_if_permit), or 556 (nullmx, Postfix 3.0 and
+later). See the respective parameter descriptions for details.
+.br
+.IP "\fBreject_unlisted_recipient\fR (with Postfix version 2.0: check_recipient_maps)"
+Reject the request when the RCPT TO address is not listed in
+the list of valid recipients for its domain class. See the
+smtpd_reject_unlisted_recipient parameter description for details.
+This feature is available in Postfix 2.1 and later.
+.br
+.IP "\fBreject_unverified_recipient\fR"
+Reject the request when mail to the RCPT TO address is known
+to bounce, or when the recipient address destination is not reachable.
+Address verification information is managed by the \fBverify\fR(8) server;
+see the ADDRESS_VERIFICATION_README file for details.
+.br
+The
+unverified_recipient_reject_code parameter specifies the numerical
+response code when an address is known to bounce (default: 450,
+change it to 550 when you are confident that it is safe to do so).
+.br
+The unverified_recipient_defer_code parameter specifies the
+numerical response code when an address probe failed due to a
+temporary problem (default: 450).
+.br
+The
+unverified_recipient_tempfail_action parameter specifies the action
+after address probe failure due to a temporary problem (default:
+defer_if_permit).
+.br
+This feature breaks for aliased addresses
+with "enable_original_recipient = no" (Postfix <= 3.2).
+.br
+This feature is available in Postfix 2.1 and later.
+.br
+.br
+.PP
+Other restrictions that are valid in this context:
+.IP \(bu
+Generic restrictions that can be used
+in any SMTP command context, described under smtpd_client_restrictions.
+.IP \(bu
+SMTP command specific restrictions described under
+smtpd_client_restrictions, smtpd_helo_restrictions and
+smtpd_sender_restrictions.
+.br
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+# The Postfix before 2.10 default mail relay policy. Later Postfix
+# versions implement this preferably with smtpd_relay_restrictions.
+smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
+.fi
+.ad
+.ft R
+.SH smtpd_reject_footer (default: empty)
+Optional information that is appended after each Postfix SMTP
+server
+4XX or 5XX response.
+.PP
+The following example uses "\ec" at the start of the template
+(supported in Postfix 2.10 and later) to suppress the line break
+between the reply text and the footer text. With earlier Postfix
+versions, the footer text always begins on a new line, and the "\ec"
+is output literally.
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ smtpd_reject_footer = \ec. For assistance, call 800\-555\-0101.
+ Please provide the following information in your problem report:
+ time ($localtime), client ($client_address) and server
+ ($server_name).
+.fi
+.ad
+.ft R
+.PP
+Server response:
+.PP
+.nf
+.na
+.ft C
+ 550\-5.5.1 <user@example> Recipient address rejected: User
+ unknown. For assistance, call 800\-555\-0101. Please provide the
+ following information in your problem report: time (Jan 4 15:42:00),
+ client (192.168.1.248) and server (mail1.example.com).
+.fi
+.ad
+.ft R
+.PP
+Note: the above text is meant to make it easier to find the
+Postfix logfile records for a failed SMTP session. The text itself
+is not logged to the Postfix SMTP server's maillog file.
+.PP
+Be sure to keep the text as short as possible. Long text may
+be truncated before it is logged to the remote SMTP client's maillog
+file, or before it is returned to the sender in a delivery status
+notification.
+.PP
+The template text is not subject to Postfix configuration
+parameter $name expansion. Instead, this feature supports a limited
+number of $name attributes in the footer text. These attributes are
+replaced with their current value for the SMTP session.
+.PP
+Note: specify $$name in footer text that is looked up from
+regexp: or pcre:\-based smtpd_reject_footer_maps, otherwise the
+Postfix server will not use the footer text and will log a warning
+instead.
+.IP "\fBclient_address\fR"
+The Client IP address that
+is logged in the maillog file.
+.br
+.IP "\fBclient_port\fR"
+The client TCP port that is
+logged in the maillog file.
+.br
+.IP "\fBlocaltime\fR"
+The server local time (Mmm dd
+hh:mm:ss) that is logged in the maillog file.
+.br
+.IP "\fBserver_name\fR"
+The server's myhostname value.
+This attribute is made available for sites with multiple MTAs
+(perhaps behind a load\-balancer), where the server name can help
+the server support team to quickly find the right log files.
+.br
+.br
+.PP
+Notes:
+.IP \(bu
+NOT SUPPORTED are other attributes such as sender, recipient,
+or main.cf parameters.
+.IP \(bu
+For safety reasons, text that does not match
+$smtpd_expansion_filter is censored.
+.br
+.PP
+This feature supports the two\-character sequence \en as a request
+for a line break in the footer text. Postfix automatically inserts
+after each line break the three\-digit SMTP reply code (and optional
+enhanced status code) from the original Postfix reject message.
+.PP
+To work around mail software that mis\-handles multi\-line replies,
+specify the two\-character sequence \ec at the start of the template.
+This suppresses the line break between the reply text and the footer
+text (Postfix 2.10 and later).
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH smtpd_reject_footer_maps (default: empty)
+Lookup tables, indexed by the complete Postfix SMTP server 4xx or
+5xx response, with reject footer templates. See smtpd_reject_footer
+for details.
+.PP
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH smtpd_reject_unlisted_recipient (default: yes)
+Request that the Postfix SMTP server rejects mail for unknown
+recipient addresses, even when no explicit reject_unlisted_recipient
+access restriction is specified. This prevents the Postfix queue
+from filling up with undeliverable MAILER\-DAEMON messages.
+.PP
+An address is considered "unknown" when 1) it does not match a
+\fBvirtual\fR(5) alias or \fBcanonical\fR(5) mapping, and 2) the address is not
+valid for its address class. For a definition of class\-based address
+validation, see
+ADDRESS_CLASS_README.
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH smtpd_reject_unlisted_sender (default: no)
+Request that the Postfix SMTP server rejects mail from unknown
+sender addresses, even when no explicit reject_unlisted_sender
+access restriction is specified. This can slow down an explosion
+of forged mail from worms or viruses.
+.PP
+An address is considered "unknown" when 1) it does not match a
+\fBvirtual\fR(5) alias or \fBcanonical\fR(5) mapping, and 2) the address is not
+valid for its address class. For a definition of class\-based address
+validation, see
+ADDRESS_CLASS_README.
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH smtpd_relay_before_recipient_restrictions (default: see "postconf \-d" output)
+Evaluate smtpd_relay_restrictions before smtpd_recipient_restrictions.
+Historically, smtpd_relay_restrictions was evaluated after
+smtpd_recipient_restrictions, contradicting documented behavior.
+.PP
+Background: the smtpd_relay_restrictions feature is primarily
+designed to enforce a mail relaying policy, while
+smtpd_recipient_restrictions is primarily designed to enforce spam
+blocking policy. Both are evaluated while replying to the RCPT TO
+command, and both support the same features.
+.PP
+This feature is available in Postfix 3.6 and later.
+.SH smtpd_relay_restrictions (default: permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination)
+Access restrictions for mail relay control that the Postfix
+SMTP server applies in the context of the RCPT TO command, before
+smtpd_recipient_restrictions.
+See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
+restriction lists" for a discussion of evaluation context and time.
+.PP
+With Postfix versions before 2.10, the rules for relay permission
+and spam blocking were combined under smtpd_recipient_restrictions,
+resulting in error\-prone configuration. As of Postfix 2.10, relay
+permission rules are preferably implemented with smtpd_relay_restrictions,
+so that a permissive spam blocking policy under
+smtpd_recipient_restrictions will no longer result in a permissive
+mail relay policy.
+.PP
+For backwards compatibility, sites that migrate from Postfix
+versions before 2.10 can set smtpd_relay_restrictions to the empty
+value, and use smtpd_recipient_restrictions exactly as before.
+.PP
+By default, the Postfix SMTP server accepts:
+.IP \(bu
+Mail from clients whose IP address matches $mynetworks, or:
+.IP \(bu
+Mail from clients who are SASL authenticated, or:
+.IP \(bu
+Mail to remote destinations that match $relay_domains, except
+for addresses that contain sender\-specified routing
+(user@elsewhere@domain), or:
+.IP \(bu
+Mail to local destinations that match $inet_interfaces
+or $proxy_interfaces, $mydestination, $virtual_alias_domains, or
+$virtual_mailbox_domains.
+.br
+.PP
+IMPORTANT: Either the smtpd_relay_restrictions or the
+smtpd_recipient_restrictions parameter must specify
+at least one of the following restrictions. Otherwise Postfix will
+refuse to receive mail:
+.sp
+.in +4
+.nf
+.na
+.ft C
+reject, reject_unauth_destination
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+defer, defer_if_permit, defer_unauth_destination
+.fi
+.ad
+.ft R
+.in -4
+.PP
+Specify a list of restrictions, separated by commas and/or whitespace.
+Continue long lines by starting the next line with whitespace.
+The same restrictions are available as documented under
+smtpd_recipient_restrictions.
+.PP
+This feature is available in Postix 2.10 and later.
+.SH smtpd_restriction_classes (default: empty)
+User\-defined aliases for groups of access restrictions. The aliases
+can be specified in smtpd_recipient_restrictions etc., and on the
+right\-hand side of a Postfix \fBaccess\fR(5) table.
+.PP
+One major application is for implementing per\-recipient UCE control.
+See the RESTRICTION_CLASS_README document for other examples.
+.SH smtpd_sasl_application_name (default: smtpd)
+The application name that the Postfix SMTP server uses for SASL
+server initialization. This
+controls the name of the SASL configuration file. The default value
+is \fBsmtpd\fR, corresponding to a SASL configuration file named
+\fBsmtpd.conf\fR.
+.PP
+This feature is available in Postfix 2.1 and 2.2. With Postfix 2.3
+it was renamed to smtpd_sasl_path.
+.SH smtpd_sasl_auth_enable (default: no)
+Enable SASL authentication in the Postfix SMTP server. By default,
+the Postfix SMTP server does not use authentication.
+.PP
+If a remote SMTP client is authenticated, the permit_sasl_authenticated
+access restriction can be used to permit relay access, like this:
+.sp
+.in +4
+.nf
+.na
+.ft C
+# With Postfix 2.10 and later, the mail relay policy is
+# preferably specified under smtpd_relay_restrictions.
+smtpd_relay_restrictions =
+ permit_mynetworks, permit_sasl_authenticated, ...
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+# With Postfix before 2.10, the relay policy can be
+# specified only under smtpd_recipient_restrictions.
+smtpd_recipient_restrictions =
+ permit_mynetworks, permit_sasl_authenticated, ...
+.fi
+.ad
+.ft R
+.in -4
+.PP
+To reject all SMTP connections from unauthenticated clients,
+specify "smtpd_delay_reject = yes" (which is the default) and use:
+.sp
+.in +4
+.nf
+.na
+.ft C
+smtpd_client_restrictions = permit_sasl_authenticated, reject
+.fi
+.ad
+.ft R
+.in -4
+.PP
+See the SASL_README file for SASL configuration and operation details.
+.SH smtpd_sasl_authenticated_header (default: no)
+Report the SASL authenticated user name in the \fBsmtpd\fR(8) Received
+message header.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH smtpd_sasl_exceptions_networks (default: empty)
+What remote SMTP clients the Postfix SMTP server will not offer
+AUTH support to.
+.PP
+Some clients (Netscape 4 at least) have a bug that causes them to
+require a login and password whenever AUTH is offered, whether it's
+necessary or not. To work around this, specify, for example,
+$mynetworks to prevent Postfix from offering AUTH to local clients.
+.PP
+Specify a list of network/netmask patterns, separated by commas
+and/or whitespace. The mask specifies the number of bits in the
+network part of a host address. You can also specify "/file/name" or
+"type:table" patterns. A "/file/name" pattern is replaced by its
+contents; a "type:table" lookup table is matched when a table entry
+matches a lookup string (the lookup result is ignored). Continue
+long lines by starting the next line with whitespace. Specify
+"!pattern" to exclude an address or network block from the list.
+The form "!/file/name" is supported only in Postfix version 2.4 and
+later.
+.PP
+Note: IP version 6 address information must be specified inside
+[] in the smtpd_sasl_exceptions_networks value, and in
+files specified with "/file/name". IP version 6 addresses contain
+the ":" character, and would otherwise be confused with a "type:table"
+pattern.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtpd_sasl_exceptions_networks = $mynetworks
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH smtpd_sasl_local_domain (default: empty)
+The name of the Postfix SMTP server's local SASL authentication
+realm.
+.PP
+By default, the local authentication realm name is the null string.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+smtpd_sasl_local_domain = $mydomain
+smtpd_sasl_local_domain = $myhostname
+.fi
+.ad
+.ft R
+.SH smtpd_sasl_mechanism_filter (default: !external, static:rest)
+If non\-empty, a filter for the SASL mechanism names that the
+Postfix SMTP server will announce in the EHLO response. By default,
+the Postfix SMTP server will not announce the EXTERNAL mechanism,
+because Postfix support for that is not implemented.
+.PP
+Specify mechanism names, "/file/name" patterns, or "type:table"
+lookup tables, separated by comma or whitespace. The right\-hand
+side result from "type:table" lookups is ignored. Specify "!pattern"
+to exclude a mechanism name from the list.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+smtpd_sasl_mechanism_filter = !external, !gssapi, static:rest
+smtpd_sasl_mechanism_filter = login, plain
+smtpd_sasl_mechanism_filter = /etc/postfix/smtpd_mechs
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 3.6 and later.
+.SH smtpd_sasl_path (default: smtpd)
+Implementation\-specific information that the Postfix SMTP server
+passes through to
+the SASL plug\-in implementation that is selected with
+\fBsmtpd_sasl_type\fR. Typically this specifies the name of a
+configuration file or rendezvous point.
+.PP
+This feature is available in Postfix 2.3 and later. In earlier
+releases it was called \fBsmtpd_sasl_application_name\fR.
+.SH smtpd_sasl_response_limit (default: 12288)
+The maximum length of a SASL client's response to a server challenge.
+When the client's "initial response" is longer than the normal limit for
+SMTP commands, the client must omit its initial response, and wait for an
+empty server challenge; it can then send what would have been its "initial
+response" as a response to the empty server challenge. RFC4954 requires the
+server to accept client responses up to at least 12288 octets of
+base64\-encoded text. The default value is therefore also the minimum value
+accepted for this parameter.
+.PP
+This feature is available in Postfix 3.4 and later. Prior versions use
+"line_length_limit", which may need to be raised to accommodate larger client
+responses, as may be needed with GSSAPI authentication of Windows AD users
+who are members of many groups.
+.SH smtpd_sasl_security_options (default: noanonymous)
+Postfix SMTP server SASL security options; as of Postfix 2.3
+the list of available
+features depends on the SASL server implementation that is selected
+with \fBsmtpd_sasl_type\fR.
+.PP
+The following security features are defined for the \fBcyrus\fR
+server SASL implementation:
+.PP
+Restrict what authentication mechanisms the Postfix SMTP server
+will offer to the client. The list of available authentication
+mechanisms is system dependent.
+.PP
+Specify zero or more of the following:
+.IP "\fBnoplaintext\fR"
+Disallow methods that use plaintext passwords.
+.br
+.IP "\fBnoactive\fR"
+Disallow methods subject to active (non\-dictionary) attack.
+.br
+.IP "\fBnodictionary\fR"
+Disallow methods subject to passive (dictionary) attack.
+.br
+.IP "\fBnoanonymous\fR"
+Disallow methods that allow anonymous authentication.
+.br
+.IP "\fBforward_secrecy\fR"
+Only allow methods that support forward secrecy (Dovecot only).
+.br
+.IP "\fBmutual_auth\fR"
+Only allow methods that provide mutual authentication (not available
+with Cyrus SASL version 1).
+.br
+.br
+.PP
+By default, the Postfix SMTP server accepts plaintext passwords but
+not anonymous logins.
+.PP
+Warning: it appears that clients try authentication methods in the
+order as advertised by the server (e.g., PLAIN ANONYMOUS CRAM\-MD5)
+which means that if you disable plaintext passwords, clients will
+log in anonymously, even when they should be able to use CRAM\-MD5.
+So, if you disable plaintext logins, disable anonymous logins too.
+Postfix treats anonymous login as no authentication.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtpd_sasl_security_options = noanonymous, noplaintext
+.fi
+.ad
+.ft R
+.SH smtpd_sasl_service (default: smtp)
+The service name that is passed to the SASL plug\-in that is
+selected with \fBsmtpd_sasl_type\fR and \fBsmtpd_sasl_path\fR.
+.PP
+This feature is available in Postfix 2.11 and later. Prior
+versions behave as if "\fBsmtp\fR" is specified.
+.SH smtpd_sasl_tls_security_options (default: $smtpd_sasl_security_options)
+The SASL authentication security options that the Postfix SMTP
+server uses for TLS encrypted SMTP sessions.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtpd_sasl_type (default: cyrus)
+The SASL plug\-in type that the Postfix SMTP server should use
+for authentication. The available types are listed with the
+"\fBpostconf \-a\fR" command.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH smtpd_sender_login_maps (default: empty)
+Optional lookup table with the SASL login names that own the sender
+(MAIL FROM) addresses.
+.PP
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found. With lookups from
+indexed files such as DB or DBM, or from networked tables such as
+NIS, LDAP or SQL, the following search operations are done with a
+sender address of \fIuser@domain\fR:
+.IP "1) \fIuser@domain\fR"
+This table lookup is always done and has the highest precedence.
+.br
+.IP "2) \fIuser\fR"
+This table lookup is done only when the \fIdomain\fR part of the
+sender address matches $myorigin, $mydestination, $inet_interfaces
+or $proxy_interfaces.
+.br
+.IP "3) \fI@domain\fR"
+This table lookup is done last and has the lowest precedence.
+.br
+.br
+.PP
+In all cases the result of table lookup must be either "not found"
+or a list of SASL login names separated by comma and/or whitespace.
+.SH smtpd_sender_restrictions (default: empty)
+Optional restrictions that the Postfix SMTP server applies in the
+context of a client MAIL FROM command.
+See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access
+restriction lists" for a discussion of evaluation context and time.
+.PP
+The default is to permit everything.
+.PP
+Specify a list of restrictions, separated by commas and/or whitespace.
+Continue long lines by starting the next line with whitespace.
+Restrictions are applied in the order as specified; the first
+restriction that matches wins.
+.PP
+The following restrictions are specific to the sender address
+received with the MAIL FROM command.
+.IP "\fBcheck_sender_access \fItype:table\fR\fR"
+Search the specified \fBaccess\fR(5) database for the MAIL FROM
+address, domain, parent domains, or localpart@, and execute the
+corresponding action.
+.br
+.IP "\fBcheck_sender_a_access \fItype:table\fR\fR"
+Search the specified \fBaccess\fR(5) database for the IP addresses for
+the MAIL FROM domain, and execute the corresponding action. Note:
+a result of "OK" is not allowed for safety reasons. Instead, use
+DUNNO in order to exclude specific hosts from denylists. This
+feature is available in Postfix 3.0 and later.
+.br
+.IP "\fBcheck_sender_mx_access \fItype:table\fR\fR"
+Search the specified \fBaccess\fR(5) database for the MX hosts for
+the MAIL FROM domain, and execute the corresponding action. If no
+MX record is found, look up A or AAAA records, just like the Postfix
+SMTP client would. Note:
+a result of "OK" is not allowed for safety reasons. Instead, use
+DUNNO in order to exclude specific hosts from denylists. This
+feature is available in Postfix 2.1 and later.
+.br
+.IP "\fBcheck_sender_ns_access \fItype:table\fR\fR"
+Search the specified \fBaccess\fR(5) database for the DNS servers
+for the MAIL FROM domain, and execute the corresponding action.
+Note: a result of "OK" is not allowed for safety reasons. Instead,
+use DUNNO in order to exclude specific hosts from denylists. This
+feature is available in Postfix 2.1 and later.
+.br
+.IP "\fBreject_authenticated_sender_login_mismatch\fR"
+Reject the request when the client is authenticated with SASL,
+but either the MAIL FROM address is not listed in $smtpd_sender_login_maps,
+or the SASL login name is not an owner for that address.
+.br
+This prevents an authenticated client from using a MAIL FROM address
+that they do not explicitly own.
+.br
+This feature is available in Postfix version 2.1 and later.
+.br
+.IP "\fBreject_known_sender_login_mismatch\fR"
+When the client is authenticated with SASL, reject the request
+when the MAIL FROM address is listed in $smtpd_sender_login_maps,
+but the SASL login name is not an owner for that address.
+.br
+When the client is not authenticated with SASL, reject the request
+when SASL is enabled, and the MAIL FROM address is listed in
+$smtpd_sender_login_maps.
+.br
+This protects any MAIL FROM address that is listed in
+$smtpd_sender_login_maps, while still allowing a client to use any
+unlisted MAIL FROM address.
+.br
+This feature is available in Postfix version 2.11 and later.
+.br
+.IP "\fBreject_non_fqdn_sender\fR"
+Reject the request when the MAIL FROM address specifies a
+domain that is not in
+fully\-qualified domain form as required by the RFC.
+.br
+The
+non_fqdn_reject_code parameter specifies the response code for
+rejected requests (default: 504).
+.br
+.IP "\fBreject_rhsbl_sender \fIrbl_domain=d.d.d.d\fR\fR"
+Reject the request when the MAIL FROM domain is listed with
+the A record "\fId.d.d.d\fR" under \fIrbl_domain\fR (Postfix
+version 2.1 and later only). Each "\fId\fR" is a number, or a
+pattern inside "[]" that contains one or more ";"\-separated numbers
+or number..number ranges (Postfix version 2.8 and later). If no
+"\fI=d.d.d.d\fR" is specified,
+reject the request when the MAIL FROM domain is
+listed with any A record under \fIrbl_domain\fR.
+.br
+The
+maps_rbl_reject_code parameter specifies the response code for
+rejected requests (default: 554); the default_rbl_reply parameter
+specifies the default server reply; and the rbl_reply_maps parameter
+specifies tables with server replies indexed by \fIrbl_domain\fR.
+This feature is available in Postfix 2.0 and later.
+.br
+.IP "\fBreject_sender_login_mismatch\fR"
+As of Postfix 2.1, this is an alias for
+"reject_authenticated_sender_login_mismatch,
+reject_unauthenticated_sender_login_mismatch".
+.br
+.IP "\fBreject_unauthenticated_sender_login_mismatch\fR"
+Reject the request when SASL is enabled, the MAIL FROM address
+is listed in $smtpd_sender_login_maps, but the client is not
+authenticated with SASL.
+.br
+With SASL enabled, this prevents an unauthenticated client from
+using any MAIL FROM address that is listed in $smtpd_sender_login_maps.
+.br
+This feature is available in Postfix version 2.1 and later.
+.br
+.IP "\fBreject_unknown_sender_domain\fR"
+Reject the request when Postfix is not the final destination for
+the sender address, and the MAIL FROM domain has 1) no DNS MX and
+no DNS A
+record, or 2) a malformed MX record such as a record with
+a zero\-length MX hostname (Postfix version 2.3 and later).
+.br
+The
+reply is specified with the unknown_address_reject_code parameter
+(default: 450), unknown_address_tempfail_action (default:
+defer_if_permit), or 550 (nullmx, Postfix 3.0 and
+later). See the respective parameter descriptions for details.
+.br
+.IP "\fBreject_unlisted_sender\fR"
+Reject the request when the MAIL FROM address is not listed in
+the list of valid recipients for its domain class. See the
+smtpd_reject_unlisted_sender parameter description for details.
+This feature is available in Postfix 2.1 and later.
+.br
+.IP "\fBreject_unverified_sender\fR"
+Reject the request when mail to the MAIL FROM address is known to
+bounce, or when the sender address destination is not reachable.
+Address verification information is managed by the \fBverify\fR(8) server;
+see the ADDRESS_VERIFICATION_README file for details.
+.br
+The
+unverified_sender_reject_code parameter specifies the numerical
+response code when an address is known to bounce (default: 450,
+change into 550 when you are confident that it is safe to do so).
+.br
+The unverified_sender_defer_code specifies the numerical response
+code when an address probe failed due to a temporary problem
+(default: 450).
+.br
+The unverified_sender_tempfail_action parameter
+specifies the action after address probe failure due to a temporary
+problem (default: defer_if_permit).
+.br
+This feature breaks for
+aliased addresses with "enable_original_recipient = no" (Postfix
+<= 3.2).
+.br
+This feature is available in Postfix 2.1 and later.
+.br
+.br
+.PP
+Other restrictions that are valid in this context:
+.IP \(bu
+Generic restrictions that can be used
+in any SMTP command context, described under smtpd_client_restrictions.
+.IP \(bu
+SMTP command specific restrictions described under
+smtpd_client_restrictions and smtpd_helo_restrictions.
+.IP \(bu
+SMTP command specific restrictions described under
+smtpd_recipient_restrictions. When recipient restrictions are listed
+under smtpd_sender_restrictions, they have effect only with
+"smtpd_delay_reject = yes", so that $smtpd_sender_restrictions is
+evaluated at the time of the RCPT TO command.
+.br
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+smtpd_sender_restrictions = reject_unknown_sender_domain
+smtpd_sender_restrictions = reject_unknown_sender_domain,
+ check_sender_access hash:/etc/postfix/access
+.fi
+.ad
+.ft R
+.SH smtpd_service_name (default: smtpd)
+The internal service that \fBpostscreen\fR(8) hands off allowed
+connections to. In a future version there may be different
+classes of SMTP service.
+.PP
+This feature is available in Postfix 2.8.
+.SH smtpd_soft_error_limit (default: 10)
+The number of errors a remote SMTP client is allowed to make without
+delivering mail before the Postfix SMTP server slows down all its
+responses.
+.IP \(bu
+With Postfix version 2.1 and later, when the error count
+is > $smtpd_soft_error_limit, the Postfix SMTP server
+delays all responses by $smtpd_error_sleep_time.
+.IP \(bu
+With Postfix versions 2.0 and earlier, when the error count
+is > $smtpd_soft_error_limit, the Postfix SMTP server delays all
+responses by the larger of (number of errors) seconds or
+$smtpd_error_sleep_time.
+.IP \(bu
+With Postfix versions 2.0 and earlier, when the error count
+is <= $smtpd_soft_error_limit, the Postfix SMTP server delays 4XX
+and 5XX responses by $smtpd_error_sleep_time.
+.br
+.SH smtpd_starttls_timeout (default: see "postconf \-d" output)
+The time limit for Postfix SMTP server write and read operations
+during TLS startup and shutdown handshake procedures. The current
+default value is stress\-dependent. Before Postfix version 2.8, it
+was fixed at 300s.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtpd_timeout (default: normal: 300s, overload: 10s)
+When the Postfix SMTP server wants to send an SMTP server
+response, how long the Postfix SMTP server will wait for an underlying
+network write operation to complete; and when the Postfix SMTP
+server Postfix wants to receive an SMTP client request, how long
+the Postfix SMTP server will wait for an underlying network read
+operation to complete. See the smtpd_per_request_deadline for how
+this time limit may be enforced (with Postfix 2.9\-3.6 see
+smtpd_per_record_deadline).
+.PP
+Normally the default limit
+is 300s, but it changes under overload to just 10s. With Postfix
+2.5 and earlier, the SMTP server always uses a time limit of 300s
+by default.
+.PP
+Note: if you set SMTP time limits to very large values you may have
+to update the global ipc_timeout parameter.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH smtpd_tls_CAfile (default: empty)
+A file containing (PEM format) CA certificates of root CAs trusted
+to sign either remote SMTP client certificates or intermediate CA
+certificates. These are loaded into memory before the \fBsmtpd\fR(8) server
+enters the chroot jail. If the number of trusted roots is large, consider
+using smtpd_tls_CApath instead, but note that the latter directory must
+be present in the chroot jail if the \fBsmtpd\fR(8) server is chrooted. This
+file may also be used to augment the server certificate trust chain,
+but it is best to include all the required certificates directly in the
+server certificate file.
+.PP
+Specify "smtpd_tls_CAfile = /path/to/system_CA_file" to use ONLY
+the system\-supplied default Certification Authority certificates.
+.PP
+Specify "tls_append_default_CA = no" to prevent Postfix from
+appending the system\-supplied default CAs and trusting third\-party
+certificates.
+.PP
+By default (see smtpd_tls_ask_ccert), client certificates are not
+requested, and smtpd_tls_CAfile should remain empty. If you do make use
+of client certificates, the distinguished names (DNs) of the Certification
+Authorities listed in smtpd_tls_CAfile are sent to the remote SMTP client
+in the client certificate request message. MUAs with multiple client
+certificates may use the list of preferred Certification Authorities
+to select the correct client certificate. You may want to put your
+"preferred" CA or CAs in this file, and install other trusted CAs in
+$smtpd_tls_CApath.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtpd_tls_CAfile = /etc/postfix/CAcert.pem
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtpd_tls_CApath (default: empty)
+A directory containing (PEM format) CA certificates of root CAs
+trusted to sign either remote SMTP client certificates or intermediate CA
+certificates. Do not forget to create the necessary "hash" links with,
+for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". To use
+smtpd_tls_CApath in chroot mode, this directory (or a copy) must be
+inside the chroot jail.
+.PP
+Specify "smtpd_tls_CApath = /path/to/system_CA_directory" to
+use ONLY the system\-supplied default Certification Authority certificates.
+.PP
+Specify "tls_append_default_CA = no" to prevent Postfix from
+appending the system\-supplied default CAs and trusting third\-party
+certificates.
+.PP
+By default (see smtpd_tls_ask_ccert), client certificates are
+not requested, and smtpd_tls_CApath should remain empty. In contrast
+to smtpd_tls_CAfile, DNs of Certification Authorities installed
+in $smtpd_tls_CApath are not included in the client certificate
+request message. MUAs with multiple client certificates may use the
+list of preferred Certification Authorities to select the correct
+client certificate. You may want to put your "preferred" CA or
+CAs in $smtpd_tls_CAfile, and install the remaining trusted CAs in
+$smtpd_tls_CApath.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtpd_tls_CApath = /etc/postfix/certs
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtpd_tls_always_issue_session_ids (default: yes)
+Force the Postfix SMTP server to issue a TLS session id, even
+when TLS session caching is turned off (smtpd_tls_session_cache_database
+is empty). This behavior is compatible with Postfix < 2.3.
+.PP
+With Postfix 2.3 and later the Postfix SMTP server can disable
+session id generation when TLS session caching is turned off. This
+keeps remote SMTP clients from caching sessions that almost certainly cannot
+be re\-used.
+.PP
+By default, the Postfix SMTP server always generates TLS session
+ids. This works around a known defect in mail client applications
+such as MS Outlook, and may also prevent interoperability issues
+with other MTAs.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtpd_tls_always_issue_session_ids = no
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH smtpd_tls_ask_ccert (default: no)
+Ask a remote SMTP client for a client certificate. This
+information is needed for certificate based mail relaying with,
+for example, the permit_tls_clientcerts feature.
+.PP
+Some clients such as Netscape will either complain if no
+certificate is available (for the list of CAs in $smtpd_tls_CAfile)
+or will offer multiple client certificates to choose from. This
+may be annoying, so this option is "off" by default.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtpd_tls_auth_only (default: no)
+When TLS encryption is optional in the Postfix SMTP server, do
+not announce or accept SASL authentication over unencrypted
+connections.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtpd_tls_ccert_verifydepth (default: 9)
+The verification depth for remote SMTP client certificates. A
+depth of 1 is sufficient if the issuing CA is listed in a local CA
+file.
+.PP
+The default verification depth is 9 (the OpenSSL default) for
+compatibility with earlier Postfix behavior. Prior to Postfix 2.5,
+the default value was 5, but the limit was not actually enforced. If
+you have set this to a lower non\-default value, certificates with longer
+trust chains may now fail to verify. Certificate chains with 1 or 2
+CAs are common, deeper chains are more rare and any number between 5
+and 9 should suffice in practice. You can choose a lower number if,
+for example, you trust certificates directly signed by an issuing CA
+but not any CAs it delegates to.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtpd_tls_cert_file (default: empty)
+File with the Postfix SMTP server RSA certificate in PEM format.
+This file may also contain the Postfix SMTP server private RSA key.
+With Postfix >= 3.4 the preferred way to configure server keys and
+certificates is via the "smtpd_tls_chain_files" parameter.
+.PP
+Public Internet MX hosts without certificates signed by a "reputable"
+CA must generate, and be prepared to present to most clients, a
+self\-signed or private\-CA signed certificate. The client will not be
+able to authenticate the server, but unless it is running Postfix 2.3 or
+similar software, it will still insist on a server certificate.
+.PP
+For servers that are \fBnot\fR public Internet MX hosts, Postfix
+supports configurations with no certificates. This entails the use of
+just the anonymous TLS ciphers, which are not supported by typical SMTP
+clients. Since some clients may not fall back to plain text after a TLS
+handshake failure, a certificate\-less Postfix SMTP server will be unable
+to receive email from some TLS\-enabled clients. To avoid accidental
+configurations with no certificates, Postfix enables certificate\-less
+operation only when the administrator explicitly sets
+"smtpd_tls_cert_file = none". This ensures that new Postfix SMTP server
+configurations will not accidentally enable TLS without certificates.
+.PP
+Note that server certificates are not optional in TLS 1.3. To run
+without certificates you'd have to disable the TLS 1.3 protocol by
+including '!TLSv1.3' in "smtpd_tls_protocols" and perhaps also
+"smtpd_tls_mandatory_protocols". It is simpler instead to just
+configure a certificate chain. Certificate\-less operation is not
+recommended.
+.PP
+Both RSA and DSA certificates are supported. When both types
+are present, the cipher used determines which certificate will be
+presented to the client. For Netscape and OpenSSL clients without
+special cipher choices the RSA certificate is preferred.
+.PP
+To enable a remote SMTP client to verify the Postfix SMTP server
+certificate, the issuing CA certificates must be made available to the
+client. You should include the required certificates in the server
+certificate file, the server certificate first, then the issuing
+CA(s) (bottom\-up order).
+.PP
+Example: the certificate for "server.example.com" was issued by
+"intermediate CA" which itself has a certificate of "root CA".
+Create the server.pem file with "cat server_cert.pem intermediate_CA.pem
+root_CA.pem > server.pem".
+.PP
+If you also want to verify client certificates issued by these
+CAs, you can add the CA certificates to the smtpd_tls_CAfile, in which
+case it is not necessary to have them in the smtpd_tls_cert_file,
+smtpd_tls_dcert_file (obsolete) or smtpd_tls_eccert_file.
+.PP
+A certificate supplied here must be usable as an SSL server certificate
+and hence pass the "openssl verify \-purpose sslserver ..." test.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtpd_tls_cert_file = /etc/postfix/server.pem
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtpd_tls_chain_files (default: empty)
+List of one or more PEM files, each holding one or more private keys
+directly followed by a corresponding certificate chain. The file names
+are separated by commas and/or whitespace. This parameter obsoletes the
+legacy algorithm\-specific key and certificate file settings. When this
+parameter is non\-empty, the legacy parameters are ignored, and a warning
+is logged if any are also non\-empty.
+.PP
+With the proliferation of multiple private key algorithms-which,
+as of OpenSSL 1.1.1, include DSA (obsolete), RSA, ECDSA, Ed25519
+and Ed448-it is increasingly impractical to use separate
+parameters to configure the key and certificate chain for each
+algorithm. Therefore, Postfix now supports storing multiple keys and
+corresponding certificate chains in a single file or in a set of files.
+.PP
+Each key must appear \fBimmediately before\fR the corresponding
+certificate, optionally followed by additional issuer certificates that
+complete the certificate chain for that key. When multiple files are
+specified, they are equivalent to a single file that is concatenated
+from those files in the given order. Thus, while a key must always
+precede its certificate and issuer chain, it can be in a separate file,
+so long as that file is listed immediately before the file that holds
+the corresponding certificate chain. Once all the files are
+concatenated, the sequence of PEM objects must be: \fIkey1, cert1,
+[chain1], key2, cert2, [chain2], ..., keyN, certN, [chainN].\fR
+.PP
+Storing the private key in the same file as the corresponding
+certificate is more reliable. With the key and certificate in separate
+files, there is a chance that during key rollover a Postfix process
+might load a private key and certificate from separate files that don't
+match. Various operational errors may even result in a persistent
+broken configuration in which the certificate does not match the private
+key.
+.PP
+The file or files must contain at most one key of each type. If,
+for example, two or more RSA keys and corresponding chains are listed,
+depending on the version of OpenSSL either only the last one will be
+used or a configuration error may be detected. Note that while
+"Ed25519" and "Ed448" are considered separate algorithms, the various
+ECDSA curves (typically one of prime256v1, secp384r1 or secp521r1) are
+considered as different parameters of a single "ECDSA" algorithm, so it
+is not presently possible to configure keys for more than one ECDSA
+curve.
+.PP
+RSA is still the most widely supported algorithm. Presently (late
+2018), ECDSA support is common, but not yet universal, and Ed25519 and
+Ed448 support is mostly absent. Therefore, an RSA key should generally
+be configured, along with any additional keys for the other algorithms
+when desired.
+.PP
+Example (separate files for each key and corresponding certificate chain):
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ smtpd_tls_chain_files =
+ ${config_directory}/ed25519.pem,
+ ${config_directory}/ed448.pem,
+ ${config_directory}/rsa.pem
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/ed25519.pem:
+ \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
+ MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+ \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
+ \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+ MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+ ...
+ nC0egv51YPDWxEHom4QA
+ \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/ed448.pem:
+ \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
+ MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+ LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+ \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
+ \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+ MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+ ...
+ pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+ \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/rsa.pem:
+ \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
+ MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+ ...
+ ahQkZ3+krcaJvDSMgvu0tDc=
+ \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
+ \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+ MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+ ...
+ Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+ \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+.fi
+.ad
+.ft R
+.in -4
+.PP
+Example (all keys and certificates in a single file):
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ smtpd_tls_chain_files = ${config_directory}/chains.pem
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/chains.pem:
+ \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
+ MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+ \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
+ \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+ MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+ ...
+ nC0egv51YPDWxEHom4QA
+ \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+ \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
+ MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+ LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+ \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
+ \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+ MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+ ...
+ pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+ \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+ \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
+ MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+ ...
+ ahQkZ3+krcaJvDSMgvu0tDc=
+ \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
+ \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+ MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+ ...
+ Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+ \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+.fi
+.ad
+.ft R
+.in -4
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH smtpd_tls_cipherlist (default: empty)
+Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS
+cipher list. It is easy to create interoperability problems by choosing
+a non\-default cipher list. Do not use a non\-default TLS cipherlist for
+MX hosts on the public Internet. Clients that begin the TLS handshake,
+but are unable to agree on a common cipher, may not be able to send any
+email to the SMTP server. Using a restricted cipher list may be more
+appropriate for a dedicated MSA or an internal mailhub, where one can
+exert some control over the TLS software and settings of the connecting
+clients.
+.PP
+\fBNote:\fR do not use "" quotes around the parameter value.
+.PP
+This feature is available with Postfix version 2.2. It is not used with
+Postfix 2.3 and later; use smtpd_tls_mandatory_ciphers instead.
+.SH smtpd_tls_ciphers (default: medium)
+The minimum TLS cipher grade that the Postfix SMTP server
+will use with opportunistic TLS encryption. Cipher types listed in
+smtpd_tls_exclude_ciphers are excluded from the base definition of
+the selected cipher grade. The default value is "medium" for Postfix
+releases after the middle of 2015, "export" for older releases.
+.PP
+When TLS is mandatory the cipher grade is chosen via the
+smtpd_tls_mandatory_ciphers configuration parameter, see there for syntax
+details.
+.PP
+This feature is available in Postfix 2.6 and later. With earlier Postfix
+releases only the smtpd_tls_mandatory_ciphers parameter is implemented,
+and opportunistic TLS always uses "export" or better (i.e. all) ciphers.
+.SH smtpd_tls_dcert_file (default: empty)
+File with the Postfix SMTP server DSA certificate in PEM format.
+This file may also contain the Postfix SMTP server private DSA key.
+The DSA algorithm is obsolete and should not be used.
+.PP
+See the discussion under smtpd_tls_cert_file for more details.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtpd_tls_dcert_file = /etc/postfix/server\-dsa.pem
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtpd_tls_dh1024_param_file (default: empty)
+File with DH parameters that the Postfix SMTP server should
+use with non\-export EDH ciphers.
+.PP
+With Postfix >= 3.7, built with OpenSSL version is 3.0.0 or later, if the
+parameter value is either empty or "\fBauto\fR", then the DH parameter
+selection is delegated to the OpenSSL library, which selects appropriate
+parameters based on the TLS handshake. This choice is likely to be the most
+interoperable with SMTP clients using various TLS libraries, and custom local
+parameters are no longer recommended when using Postfix >= 3.7 built against
+OpenSSL 3.0.0.
+.PP
+The best\-practice choice of parameters uses a 2048\-bit prime. This is fine,
+despite the historical "1024" in the parameter name. Do not be tempted to use
+much larger values, performance degrades quickly, and you may also cease to
+interoperate with some mainstream SMTP clients. As of Postfix 3.1, the
+compiled\-in default prime is 2048\-bits, and it is not strictly necessary,
+though perhaps somewhat beneficial to generate custom DH parameters.
+.PP
+Instead of using the exact same parameter sets as distributed
+with other TLS packages, it is more secure to generate your own
+set of parameters with something like the following commands:
+.sp
+.in +4
+.nf
+.na
+.ft C
+openssl dhparam \-out /etc/postfix/dh2048.pem 2048
+openssl dhparam \-out /etc/postfix/dh1024.pem 1024
+# As of Postfix 3.6, export\-grade 512\-bit DH parameters are no longer
+# supported or needed.
+openssl dhparam \-out /etc/postfix/dh512.pem 512
+.fi
+.ad
+.ft R
+.in -4
+.PP
+It is safe to share the same DH parameters between multiple
+Postfix instances. If you prefer, you can generate separate
+parameters for each instance.
+.PP
+If you want to take maximal advantage of ciphers that offer forward secrecy see
+the Getting
+started section of FORWARD_SECRECY_README. The
+full document conveniently presents all information about Postfix
+"perfect" forward secrecy support in one place: what forward secrecy
+is, how to tweak settings, and what you can expect to see when
+Postfix uses ciphers with forward secrecy.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtpd_tls_dh512_param_file (default: empty)
+File with DH parameters that the Postfix SMTP server should
+use with export\-grade EDH ciphers. The default SMTP server cipher
+grade is "medium" with Postfix releases after the middle of 2015,
+and as a result export\-grade cipher suites are by default not used.
+.PP
+With Postfix >= 3.6 export\-grade Diffie\-Hellman key exchange
+is no longer supported, and this parameter is silently ignored.
+.PP
+See also the discussion under the smtpd_tls_dh1024_param_file
+configuration parameter.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.2 and later,
+but is ignored in Postfix 3.6 and later.
+.SH smtpd_tls_dkey_file (default: $smtpd_tls_dcert_file)
+File with the Postfix SMTP server DSA private key in PEM format.
+This file may be combined with the Postfix SMTP server DSA certificate
+file specified with $smtpd_tls_dcert_file. The DSA algorithm is obsolete
+and should not be used.
+.PP
+The private key must be accessible without a pass\-phrase, i.e. it
+must not be encrypted. File permissions should grant read\-only
+access to the system superuser account ("root"), and no access
+to anyone else.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtpd_tls_eccert_file (default: empty)
+File with the Postfix SMTP server ECDSA certificate in PEM format.
+This file may also contain the Postfix SMTP server private ECDSA key.
+With Postfix >= 3.4 the preferred way to configure server keys and
+certificates is via the "smtpd_tls_chain_files" parameter.
+.PP
+See the discussion under smtpd_tls_cert_file for more details.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtpd_tls_eccert_file = /etc/postfix/ecdsa\-scert.pem
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.6 and later, when Postfix is
+compiled and linked with OpenSSL 1.0.0 or later.
+.SH smtpd_tls_eckey_file (default: $smtpd_tls_eccert_file)
+File with the Postfix SMTP server ECDSA private key in PEM format.
+This file may be combined with the Postfix SMTP server ECDSA certificate
+file specified with $smtpd_tls_eccert_file. With Postfix >= 3.4 the
+preferred way to configure server keys and certificates is via the
+"smtpd_tls_chain_files" parameter.
+.PP
+The private key must be accessible without a pass\-phrase, i.e. it
+must not be encrypted. File permissions should grant read\-only
+access to the system superuser account ("root"), and no access
+to anyone else.
+.PP
+This feature is available in Postfix 2.6 and later, when Postfix is
+compiled and linked with OpenSSL 1.0.0 or later.
+.SH smtpd_tls_eecdh_grade (default: see "postconf \-d" output)
+The Postfix SMTP server security grade for ephemeral elliptic\-curve
+Diffie\-Hellman (EECDH) key exchange. As of Postfix 3.6, the value of
+this parameter is always ignored, and Postfix behaves as though the
+\fBauto\fR value (described below) was chosen.
+.PP
+The available choices are:
+.IP "\fBauto\fR"
+Use the most preferred curve that is
+supported by both the client and the server. This setting requires
+Postfix >= 3.2 compiled and linked with OpenSSL >= 1.0.2. This
+is the default setting under the above conditions (and the only
+setting used with Postfix >= 3.6).
+.br
+.IP "\fBnone\fR"
+Don't use EECDH. Ciphers based on EECDH key
+exchange will be disabled. This is the default in Postfix versions
+2.6 and 2.7.
+.br
+.IP "\fBstrong\fR"
+Use EECDH with approximately 128 bits of
+security at a reasonable computational cost. This is the default in
+Postfix versions 2.8-3.5.
+.br
+.IP "\fBultra\fR"
+Use EECDH with approximately 192 bits of
+security at computational cost that is approximately twice as high
+as 128 bit strength ECC.
+.br
+.br
+.PP
+If you want to take maximal advantage of ciphers that offer forward secrecy see
+the Getting
+started section of FORWARD_SECRECY_README. The
+full document conveniently presents all information about Postfix
+"perfect" forward secrecy support in one place: what forward secrecy
+is, how to tweak settings, and what you can expect to see when
+Postfix uses ciphers with forward secrecy.
+.PP
+This feature is available in Postfix 2.6 and later, when it is
+compiled and linked with OpenSSL 1.0.0 or later on platforms
+where EC algorithms have not been disabled by the vendor.
+.SH smtpd_tls_exclude_ciphers (default: empty)
+List of ciphers or cipher types to exclude from the SMTP server
+cipher list at all TLS security levels. Excluding valid ciphers
+can create interoperability problems. DO NOT exclude ciphers unless it
+is essential to do so. This is not an OpenSSL cipherlist; it is a simple
+list separated by whitespace and/or commas. The elements are a single
+cipher, or one or more "+" separated cipher properties, in which case
+only ciphers matching \fBall\fR the properties are excluded.
+.PP
+Examples (some of these will cause problems):
+.sp
+.in +4
+.nf
+.na
+.ft C
+smtpd_tls_exclude_ciphers = aNULL
+smtpd_tls_exclude_ciphers = MD5, DES
+smtpd_tls_exclude_ciphers = DES+MD5
+smtpd_tls_exclude_ciphers = AES256\-SHA, DES\-CBC3\-MD5
+smtpd_tls_exclude_ciphers = kEDH+aRSA
+.fi
+.ad
+.ft R
+.in -4
+.PP
+The first setting disables anonymous ciphers. The next setting
+disables ciphers that use the MD5 digest algorithm or the (single) DES
+encryption algorithm. The next setting disables ciphers that use MD5 and
+DES together. The next setting disables the two ciphers "AES256\-SHA"
+and "DES\-CBC3\-MD5". The last setting disables ciphers that use "EDH"
+key exchange with RSA authentication.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH smtpd_tls_fingerprint_digest (default: see "postconf \-d" output)
+The message digest algorithm to construct remote SMTP client\-certificate
+fingerprints or public key fingerprints (Postfix 2.9 and later) for
+\fBcheck_ccert_access\fR and \fBpermit_tls_clientcerts\fR.
+.PP
+The default algorithm is \fBsha256\fR with Postfix >= 3.6
+and the \fBcompatibility_level\fR set to 3.6 or higher. With Postfix
+<= 3.5, the default algorithm is \fBmd5\fR.
+.PP
+The best\-practice algorithm is now \fBsha256\fR. Recent advances in hash
+function cryptanalysis have led to md5 and sha1 being deprecated in favor of
+sha256. However, as long as there are no known "second pre\-image" attacks
+against the older algorithms, their use in this context, though not
+recommended, is still likely safe.
+.PP
+While additional digest algorithms are often available with OpenSSL's
+libcrypto, only those used by libssl in SSL cipher suites are available to
+Postfix. You'll likely find support for md5, sha1, sha256 and sha512.
+.PP
+To find the fingerprint of a specific certificate file, with a
+specific digest algorithm, run:
+.sp
+.in +4
+.nf
+.na
+.ft C
+$ openssl x509 \-noout \-fingerprint \-\fIdigest\fR \-in \fIcertfile\fR.pem
+.fi
+.ad
+.ft R
+.in -4
+.PP
+The text to the right of "=" sign is the desired fingerprint.
+For example:
+.sp
+.in +4
+.nf
+.na
+.ft C
+$ openssl x509 \-noout \-fingerprint \-sha256 \-in cert.pem
+SHA256 Fingerprint=D4:6A:AB:19:24:...:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
+.fi
+.ad
+.ft R
+.in -4
+.PP
+To extract the public key fingerprint from an X.509 certificate,
+you need to extract the public key from the certificate and compute
+the appropriate digest of its DER (ASN.1) encoding. With OpenSSL
+the "\-pubkey" option of the "x509" command extracts the public
+key always in "PEM" format. We pipe the result to another OpenSSL
+command that converts the key to DER and then to the "dgst" command
+to compute the fingerprint.
+.PP
+Example:
+.sp
+.in +4
+.nf
+.na
+.ft C
+$ openssl x509 \-in cert.pem \-noout \-pubkey |
+ openssl pkey \-pubin \-outform DER |
+ openssl dgst \-sha256 \-c
+(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58
+.fi
+.ad
+.ft R
+.in -4
+.PP
+The Postfix SMTP server and client log the peer (leaf) certificate
+fingerprint and public key fingerprint when the TLS loglevel is 2 or
+higher.
+.PP
+Example: client\-certificate access table, with sha256 fingerprints:
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ smtpd_tls_fingerprint_digest = sha256
+ smtpd_client_restrictions =
+ check_ccert_access hash:/etc/postfix/access,
+ reject
+.fi
+.ad
+.ft R
+.nf
+.na
+.ft C
+/etc/postfix/access:
+ # Action folded to next line...
+ AF:88:7C:AD:51:95:6F:36:96:...:01:FB:2E:48:CD:AB:49:25:A2:3B
+ OK
+ 85:16:78:FD:73:6E:CE:70:E0:...:5F:0D:3C:C8:6D:C4:2C:24:59:E1
+ permit_auth_destination
+.fi
+.ad
+.ft R
+.in -4
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH smtpd_tls_key_file (default: $smtpd_tls_cert_file)
+File with the Postfix SMTP server RSA private key in PEM format.
+This file may be combined with the Postfix SMTP server RSA certificate
+file specified with $smtpd_tls_cert_file. With Postfix >= 3.4 the
+preferred way to configure server keys and certificates is via the
+"smtpd_tls_chain_files" parameter.
+.PP
+The private key must be accessible without a pass\-phrase, i.e. it
+must not be encrypted. File permissions should grant read\-only
+access to the system superuser account ("root"), and no access
+to anyone else.
+.SH smtpd_tls_loglevel (default: 0)
+Enable additional Postfix SMTP server logging of TLS activity.
+Each logging level also includes the information that is logged at
+a lower logging level.
+.IP ""
+0 Disable logging of TLS activity.
+.br
+.IP ""
+1 Log only a summary message on TLS handshake completion
+- no logging of client certificate trust\-chain verification errors
+if client certificate verification is not required. With Postfix 2.8 and
+earlier, log the summary message, peer certificate summary information
+and unconditionally log trust\-chain verification errors.
+.br
+.IP ""
+2 Also log levels during TLS negotiation.
+.br
+.IP ""
+3 Also log hexadecimal and ASCII dump of TLS negotiation
+process.
+.br
+.IP ""
+4 Also log hexadecimal and ASCII dump of complete
+transmission after STARTTLS.
+.br
+.br
+.PP
+Do not use "smtpd_tls_loglevel = 2" or higher except in case
+of problems. Use of loglevel 4 is strongly discouraged.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtpd_tls_mandatory_ciphers (default: medium)
+The minimum TLS cipher grade that the Postfix SMTP server will
+use with mandatory TLS encryption. The default grade ("medium") is
+sufficiently strong that any benefit from globally restricting TLS
+sessions to a more stringent grade is likely negligible, especially
+given the fact that many implementations still do not offer any stronger
+("high" grade) ciphers, while those that do, will always use "high"
+grade ciphers. So insisting on "high" grade ciphers is generally
+counter\-productive. Allowing "export" or "low" ciphers is typically
+not a good idea, as systems limited to just these are limited to
+obsolete browsers. No known SMTP clients fail to support at least
+one "medium" or "high" grade cipher.
+.PP
+The following cipher grades are supported:
+.IP "\fBhigh\fR"
+Enable only "HIGH" grade OpenSSL ciphers. The
+underlying cipherlist is specified via the tls_high_cipherlist
+configuration parameter, which you are strongly encouraged to
+not change.
+.br
+.IP "\fBmedium\fR"
+Enable "MEDIUM" grade or stronger OpenSSL ciphers. These use 128\-bit
+or longer symmetric bulk\-encryption keys. This is the default minimum
+strength for mandatory TLS encryption. The underlying cipherlist is
+specified via the tls_medium_cipherlist configuration parameter, which
+you are strongly encouraged not to change.
+.br
+.IP "\fBnull\fR"
+Enable only the "NULL" OpenSSL ciphers, these provide authentication
+without encryption. This setting is only appropriate in the rare
+case that all clients are prepared to use NULL ciphers (not normally
+enabled in TLS clients). The underlying cipherlist is specified via the
+tls_null_cipherlist configuration parameter, which you are strongly
+encouraged not to change.
+.br
+.IP "\fBlow\fR"
+Enable "LOW" grade or stronger OpenSSL ciphers. In Postfix
+>= 3.8 this cipher grade is always identical to "medium". Recent
+versions of OpenSSL do not support any "LOW" grade ciphers. In
+earlier Postfix releases the underlying cipherlist was specified
+via the tls_low_cipherlist configuration parameter, which you are
+strongly encouraged not to change. This obsolete cipher grade
+SHOULD NOT be used.
+.br
+.IP "\fBexport\fR"
+Enable "EXPORT" grade or stronger OpenSSL ciphers. In Postfix
+>= 3.8 this cipher grade is always identical to "medium". Recent
+versions of OpenSSL do not support any "EXPORT" grade ciphers. In
+earlier Postfix releases the underlying cipherlist was specified
+via the tls_export_cipherlist configuration parameter, which you are
+strongly encouraged not to change. This obsolete cipher grade
+SHOULD NOT be used.
+.br
+.br
+.PP
+Cipher types listed in
+smtpd_tls_mandatory_exclude_ciphers or smtpd_tls_exclude_ciphers are
+excluded from the base definition of the selected cipher grade. See
+smtpd_tls_ciphers for cipher controls that apply to opportunistic
+TLS.
+.PP
+The underlying cipherlists for grades other than "null" include
+anonymous ciphers, but these are automatically filtered out if the
+server is configured to ask for remote SMTP client certificates. You are very
+unlikely to need to take any steps to exclude anonymous ciphers, they
+are excluded automatically as required. If you must exclude anonymous
+ciphers even when Postfix does not need or use peer certificates, set
+"smtpd_tls_exclude_ciphers = aNULL". To exclude anonymous ciphers only
+when TLS is enforced, set "smtpd_tls_mandatory_exclude_ciphers = aNULL".
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH smtpd_tls_mandatory_exclude_ciphers (default: empty)
+Additional list of ciphers or cipher types to exclude from the
+Postfix SMTP server cipher list at mandatory TLS security levels.
+This list
+works in addition to the exclusions listed with smtpd_tls_exclude_ciphers
+(see there for syntax details).
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH smtpd_tls_mandatory_protocols (default: see "postconf \-d" output)
+TLS protocols accepted by the Postfix SMTP server with mandatory TLS
+encryption. If the list is empty, the server supports all available TLS
+protocol versions. A non\-empty value is a list of protocol names to
+include or exclude, separated by whitespace, commas or colons.
+.PP
+The valid protocol names (see \fBSSL_get_version\fR(3)) are "SSLv2",
+"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
+Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as
+the lowest supported TLS protocol version (see below). Older releases
+use the "!" exclusion syntax, also described below.
+.PP
+As of Postfix 3.6, the preferred way to limit the range of
+acceptable protocols is to set the lowest acceptable TLS protocol
+version and/or the highest acceptable TLS protocol version. To set the
+lower bound include an element of the form: ">=\fIversion\fR" where
+\fIversion\fR is a either one of the TLS protocol names listed above,
+or a hexadecimal number corresponding to the desired TLS protocol
+version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
+bound, use "<=\fIversion\fR". There must be no whitespace between
+the ">=" or "<=" symbols and the protocol name or number.
+.PP
+Hexadecimal protocol numbers make it possible to specify protocol
+bounds for TLS versions that are known to OpenSSL, but might not be
+known to Postfix. They cannot be used with the legacy exclusion syntax.
+Leading "0" or "0x" prefixes are supported, but not required.
+Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
+"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
+upper or lower bound, and a warning will be logged. Hexadecimal
+versions should only be used when Postfix is linked with some future
+version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
+yet support a symbolic name for that protocol version.
+.PP
+Hexadecimal example (Postfix >= 3.6):
+.sp
+.in +4
+.nf
+.na
+.ft C
+# Allow only TLS 1.2 through (hypothetical) TLS 1.4, once supported
+# in some future version of OpenSSL (presently a warning is logged).
+smtpd_tls_mandatory_protocols = >=TLSv1.2, <=0305
+# Allow only TLS 1.2 and up:
+smtpd_tls_mandatory_protocols = >=0x0303
+.fi
+.ad
+.ft R
+.in -4
+.PP
+With Postfix < 3.6 there is no support for a minimum or maximum
+version, and the protocol range is configured via protocol exclusions.
+To require at least TLS 1.0, set "smtpd_tls_mandatory_protocols =
+!SSLv2, !SSLv3". Listing the protocols to include, rather than
+protocols to exclude, is supported, but not recommended. The exclusion
+form more accurately matches the underlying OpenSSL interface.
+.PP
+Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
+this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
+releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2).
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+# Preferred syntax with Postfix >= 3.6:
+smtpd_tls_mandatory_protocols = >=TLSv1.2, <=TLSv1.3
+# Legacy syntax:
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH smtpd_tls_protocols (default: see postconf \-d output)
+TLS protocols accepted by the Postfix SMTP server with opportunistic
+TLS encryption. If the list is empty, the server supports all available
+TLS protocol versions. A non\-empty value is a list of protocol names to
+include or exclude, separated by whitespace, commas or colons.
+.PP
+The valid protocol names (see \fBSSL_get_version\fR(3)) are "SSLv2",
+"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
+Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as
+the lowest supported TLS protocol version (see below). Older releases
+use the "!" exclusion syntax, also described below.
+.PP
+As of Postfix 3.6, the preferred way to limit the range of
+acceptable protocols is to set the lowest acceptable TLS protocol
+version and/or the highest acceptable TLS protocol version. To set the
+lower bound include an element of the form: ">=\fIversion\fR" where
+\fIversion\fR is a either one of the TLS protocol names listed above,
+or a hexadecimal number corresponding to the desired TLS protocol
+version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
+bound, use "<=\fIversion\fR". There must be no whitespace between
+the ">=" or "<=" symbols and the protocol name or number.
+.PP
+Hexadecimal protocol numbers make it possible to specify protocol
+bounds for TLS versions that are known to OpenSSL, but might not be
+known to Postfix. They cannot be used with the legacy exclusion syntax.
+Leading "0" or "0x" prefixes are supported, but not required.
+Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
+"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
+upper or lower bound, and a warning will be logged. Hexadecimal
+versions should only be used when Postfix is linked with some future
+version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
+yet support a symbolic name for that protocol version.
+.PP
+Hexadecimal example (Postfix >= 3.6):
+.sp
+.in +4
+.nf
+.na
+.ft C
+# Allow only TLS 1.0 through (hypothetical) TLS 1.4, once supported
+# in some future version of OpenSSL (presently a warning is logged).
+smtpd_tls_protocols = >=TLSv1, <=0305
+# Allow only TLS 1.0 and up:
+smtpd_tls_protocols = >=0x0301
+.fi
+.ad
+.ft R
+.in -4
+.PP
+With Postfix < 3.6 there is no support for a minimum or maximum
+version, and the protocol range is configured via protocol exclusions.
+To require at least TLS 1.0, set "smtpd_tls_protocols = !SSLv2, !SSLv3".
+Listing the protocols to include, rather than protocols to exclude, is
+supported, but not recommended. The exclusion form more accurately
+matches the underlying OpenSSL interface.
+.PP
+Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
+this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
+releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2).
+.PP
+Example:
+.nf
+.na
+.ft C
+# Preferred syntax with Postfix >= 3.6:
+smtpd_tls_protocols = >=TLSv1, <=TLSv1.3
+# Legacy syntax:
+smtpd_tls_protocols = !SSLv2, !SSLv3
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH smtpd_tls_received_header (default: no)
+Request that the Postfix SMTP server produces Received: message
+headers that include information about the protocol and cipher used,
+as well as the remote SMTP client CommonName and client certificate issuer
+CommonName. This is disabled by default, as the information may
+be modified in transit through other mail servers. Only information
+that was recorded by the final destination can be trusted.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtpd_tls_req_ccert (default: no)
+With mandatory TLS encryption, require a trusted remote SMTP client
+certificate in order to allow TLS connections to proceed. This
+option implies "smtpd_tls_ask_ccert = yes".
+.PP
+When TLS encryption is optional, this setting is ignored with
+a warning written to the mail log.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtpd_tls_security_level (default: empty)
+The SMTP TLS security level for the Postfix SMTP server; when
+a non\-empty value is specified, this overrides the obsolete parameters
+smtpd_use_tls and smtpd_enforce_tls. This parameter is ignored with
+"smtpd_tls_wrappermode = yes".
+.PP
+Specify one of the following security levels:
+.IP "\fBnone\fR"
+TLS will not be used.
+.br
+.IP "\fBmay\fR"
+Opportunistic TLS: announce STARTTLS support
+to remote SMTP clients, but do not require that clients use TLS encryption.
+.br
+.IP "\fBencrypt\fR"
+Mandatory TLS encryption: announce
+STARTTLS support to remote SMTP clients, and require that clients use TLS
+encryption. According to RFC 2487 this MUST NOT be applied in case
+of a publicly\-referenced SMTP server. Instead, this option should
+be used only on dedicated servers.
+.br
+.br
+.PP
+Note 1: the "fingerprint", "verify" and "secure" levels are not
+supported here.
+The Postfix SMTP server logs a warning and uses "encrypt" instead.
+To verify remote SMTP client certificates, see TLS_README for a discussion
+of the smtpd_tls_ask_ccert, smtpd_tls_req_ccert, and permit_tls_clientcerts
+features.
+.PP
+Note 2: The parameter setting "smtpd_tls_security_level =
+encrypt" implies "smtpd_tls_auth_only = yes".
+.PP
+Note 3: when invoked via "sendmail \-bs", Postfix will never
+offer STARTTLS due to insufficient privileges to access the server
+private key. This is intended behavior.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH smtpd_tls_session_cache_database (default: empty)
+Name of the file containing the optional Postfix SMTP server
+TLS session cache. Specify a database type that supports enumeration,
+such as \fBbtree\fR or \fBsdbm\fR; there is no need to support
+concurrent access. The file is created if it does not exist. The \fBsmtpd\fR(8)
+daemon does not use this parameter directly, rather the cache is
+implemented indirectly in the \fBtlsmgr\fR(8) daemon. This means that
+per\-smtpd\-instance master.cf overrides of this parameter are not
+effective. Note that each of the cache databases supported by \fBtlsmgr\fR(8)
+daemon: $smtpd_tls_session_cache_database, $smtp_tls_session_cache_database
+(and with Postfix 2.3 and later $lmtp_tls_session_cache_database), needs to be
+stored separately. It is not at this time possible to store multiple
+caches in a single database.
+.PP
+Note: \fBdbm\fR databases are not suitable. TLS
+session objects are too large.
+.PP
+As of version 2.5, Postfix no longer uses root privileges when
+opening this file. The file should now be stored under the Postfix\-owned
+data_directory. As a migration aid, an attempt to open the file
+under a non\-Postfix directory is redirected to the Postfix\-owned
+data_directory, and a warning is logged.
+.PP
+As of Postfix 2.11 the preferred mechanism for session resumption
+is RFC 5077 TLS session tickets, which don't require server\-side
+storage. Consequently, for Postfix >= 2.11 this parameter should
+generally be left empty. TLS session tickets require an OpenSSL
+library (at least version 0.9.8h) that provides full support for
+this TLS extension. See also smtpd_tls_session_cache_timeout.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtpd_tls_session_cache_timeout (default: 3600s)
+The expiration time of Postfix SMTP server TLS session cache
+information. A cache cleanup is performed periodically
+every $smtpd_tls_session_cache_timeout seconds. As with
+$smtpd_tls_session_cache_database, this parameter is implemented in the
+\fBtlsmgr\fR(8) daemon and therefore per\-smtpd\-instance master.cf overrides
+are not possible.
+.PP
+As of Postfix 2.11 this setting cannot exceed 100 days. If set
+<= 0, session caching is disabled, not just via the database, but
+also via RFC 5077 TLS session tickets, which don't require server\-side
+storage. If set to a positive value less than 2 minutes, the minimum
+value of 2 minutes is used instead. TLS session tickets require
+an OpenSSL library (at least version 0.9.8h) that provides full
+support for this TLS extension.
+.PP
+Specify a non\-negative time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.2 and later, and updated
+for TLS session ticket support in Postfix 2.11.
+.SH smtpd_tls_wrappermode (default: no)
+Run the Postfix SMTP server in TLS "wrapper" mode,
+instead of using the STARTTLS command.
+.PP
+If you want to support this service, enable a special port in
+master.cf, and specify "\-o smtpd_tls_wrappermode=yes" on the SMTP
+server's command line. Port 465 (submissions/smtps) is reserved for
+this purpose.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtpd_upstream_proxy_protocol (default: empty)
+The name of the proxy protocol used by an optional before\-smtpd
+proxy agent. When a proxy agent is used, this protocol conveys local
+and remote address and port information. Specify
+"smtpd_upstream_proxy_protocol = haproxy" to enable the haproxy
+protocol; version 2 is supported with Postfix 3.5 and later.
+.PP
+NOTE: To use the nginx proxy with \fBsmtpd\fR(8), enable the XCLIENT
+protocol with smtpd_authorized_xclient_hosts. This supports SASL
+authentication in the proxy agent (Postfix 2.9 and later).
+.PP
+This feature is available in Postfix 2.10 and later.
+.SH smtpd_upstream_proxy_timeout (default: 5s)
+The time limit for the proxy protocol specified with the
+smtpd_upstream_proxy_protocol parameter.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.10 and later.
+.SH smtpd_use_tls (default: no)
+Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
+but do not require that clients use TLS encryption.
+.PP
+Note: when invoked via "\fBsendmail \-bs\fR", Postfix will never offer
+STARTTLS due to insufficient privileges to access the server private
+key. This is intended behavior.
+.PP
+This feature is available in Postfix 2.2 and later. With
+Postfix 2.3 and later use smtpd_tls_security_level instead.
+.SH smtputf8_autodetect_classes (default: sendmail, verify)
+Detect that a message requires SMTPUTF8 support for the specified
+mail origin classes. This is a workaround to avoid chicken\-and\-egg
+problems during the initial SMTPUTF8 roll\-out in environments with
+pre\-existing mail flows that contain UTF8. Those mail flows should
+not break because Postfix suddenly refuses to deliver such mail
+to down\-stream MTAs that don't announce SMTPUTF8 support.
+.PP
+The problem is that Postfix cannot rely solely on the sender's
+declaration that a message requires SMTPUTF8 support, because UTF8
+may be introduced during local processing (for example, the client
+hostname in Postfix's Received: header, adding @$myorigin or
+\&.$mydomain to an incomplete address, address rewriting, alias
+expansion, automatic BCC recipients, local forwarding, and changes
+made by header checks or Milter applications).
+.PP
+For now, the default is to enable "SMTPUTF8 required" autodetection
+only for Postfix sendmail command\-line submissions and address
+verification probes. This may change once SMTPUTF8 support achieves
+world domination. However, sites that add UTF8 content via local
+processing (see above) should autodetect the need for SMTPUTF8
+support for all email.
+.PP
+Specify one or more of the following:
+.IP "\fB sendmail \fR"
+Submission with the Postfix
+\fBsendmail\fR(1) command.
+.br
+.IP "\fB smtpd \fR"
+Mail received with the \fBsmtpd\fR(8)
+daemon.
+.br
+.IP "\fB qmqpd \fR"
+Mail received with the \fBqmqpd\fR(8)
+daemon.
+.br
+.IP "\fB forward \fR"
+Local forwarding or aliasing. When
+a message is received with "SMTPUTF8 required", then the forwarded
+(aliased) message always has "SMTPUTF8 required".
+.br
+.IP "\fB bounce \fR"
+Submission by the \fBbounce\fR(8) daemon.
+When a message is received with "SMTPUTF8 required", then the
+delivery status notification always has "SMTPUTF8 required".
+.br
+.IP "\fB notify \fR"
+Postmaster notification from the
+\fBsmtp\fR(8) or \fBsmtpd\fR(8) daemon.
+.br
+.IP "\fB verify \fR"
+Address verification probe from the
+\fBverify\fR(8) daemon.
+.br
+.IP "\fB all \fR"
+Enable SMTPUTF8 autodetection for all
+mail.
+.br
+.br
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH smtputf8_enable (default: yes)
+Enable preliminary SMTPUTF8 support for the protocols described
+in RFC 6531, RFC 6532, and RFC 6533. This requires that Postfix is
+built to support these protocols.
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH soft_bounce (default: no)
+Safety net to keep mail queued that would otherwise be returned to
+the sender. This parameter disables locally\-generated bounces,
+changes the handling of negative responses from remote servers,
+content filters or plugins,
+and prevents the Postfix SMTP server from rejecting mail permanently
+by changing 5xx reply codes into 4xx. However, soft_bounce is no
+cure for address rewriting mistakes or mail routing mistakes.
+.PP
+Note: "soft_bounce = yes" is in some cases implemented by modifying
+server responses. Therefore, the response that Postfix logs may
+differ from the response that Postfix actually sends or receives.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+soft_bounce = yes
+.fi
+.ad
+.ft R
+.SH stale_lock_time (default: 500s)
+The time after which a stale exclusive mailbox lockfile is removed.
+This is used for delivery to file or mailbox.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH stress (default: empty)
+This feature is documented in the STRESS_README document.
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH strict_7bit_headers (default: no)
+Reject mail with 8\-bit text in message headers. This blocks mail
+from poorly written applications.
+.PP
+This feature should not be enabled on a general purpose mail server,
+because it is likely to reject legitimate email.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH strict_8bitmime (default: no)
+Enable both strict_7bit_headers and strict_8bitmime_body.
+.PP
+This feature should not be enabled on a general purpose mail server,
+because it is likely to reject legitimate email.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH strict_8bitmime_body (default: no)
+Reject 8\-bit message body text without 8\-bit MIME content encoding
+information. This blocks mail from poorly written applications.
+.PP
+Unfortunately, this also rejects majordomo approval requests when
+the included request contains valid 8\-bit MIME mail, and it rejects
+bounces from mailers that do not MIME encapsulate 8\-bit content
+(for example, bounces from qmail or from old versions of Postfix).
+.PP
+This feature should not be enabled on a general purpose mail server,
+because it is likely to reject legitimate email.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH strict_mailbox_ownership (default: yes)
+Defer delivery when a mailbox file is not owned by its recipient.
+The default setting is not backwards compatible.
+.PP
+This feature is available in Postfix 2.5.3 and later.
+.SH strict_mime_encoding_domain (default: no)
+Reject mail with invalid Content\-Transfer\-Encoding: information
+for the message/* or multipart/* MIME content types. This blocks
+mail from poorly written software.
+.PP
+This feature should not be enabled on a general purpose mail server,
+because it will reject mail after a single violation.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH strict_rfc821_envelopes (default: no)
+Require that addresses received in SMTP MAIL FROM and RCPT TO
+commands are enclosed with <>, and that those addresses do
+not contain RFC 822 style comments or phrases. This stops mail
+from poorly written software.
+.PP
+By default, the Postfix SMTP server accepts RFC 822 syntax in MAIL
+FROM and RCPT TO addresses.
+.SH strict_smtputf8 (default: no)
+Enable stricter enforcement of the SMTPUTF8 protocol. The Postfix
+SMTP server accepts UTF8 sender or recipient addresses only when
+the client requests an SMTPUTF8 mail transaction.
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH sun_mailtool_compatibility (default: no)
+Obsolete SUN mailtool compatibility feature. Instead, use
+"mailbox_delivery_lock = dotlock".
+.SH swap_bangpath (default: yes)
+Enable the rewriting of "site!user" into "user@site". This is
+necessary if your machine is connected to UUCP networks. It is
+enabled by default.
+.PP
+Note: with Postfix version 2.2, message header address rewriting
+happens only when one of the following conditions is true:
+.IP \(bu
+The message is received with the Postfix \fBsendmail\fR(1) command,
+.IP \(bu
+The message is received from a network client that matches
+$local_header_rewrite_clients,
+.IP \(bu
+The message is received from the network, and the
+remote_header_rewrite_domain parameter specifies a non\-empty value.
+.br
+.PP
+To get the behavior before Postfix version 2.2, specify
+"local_header_rewrite_clients = static:all".
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+swap_bangpath = no
+.fi
+.ad
+.ft R
+.SH syslog_facility (default: mail)
+The syslog facility of Postfix logging. Specify a facility as
+defined in syslog.\fBconf\fR(5). The default facility is "mail".
+.PP
+Warning: a non\-default syslog_facility setting takes effect only
+after a Postfix process has completed initialization. Errors during
+process initialization will be logged with the default facility.
+Examples are errors while parsing the command line arguments, and
+errors while accessing the Postfix main.cf configuration file.
+.SH syslog_name (default: see "postconf \-d" output)
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Warning: a non\-default syslog_name setting takes effect only after
+a Postfix process has completed initialization. Errors during
+process initialization will be logged with the default name. Examples
+are errors while parsing the command line arguments, and errors
+while accessing the Postfix main.cf configuration file.
+.SH tcp_windowsize (default: 0)
+An optional workaround for routers that break TCP window scaling.
+Specify a value > 0 and < 65536 to enable this feature. With
+Postfix TCP servers (\fBsmtpd\fR(8), \fBqmqpd\fR(8)), this feature is implemented
+by the Postfix \fBmaster\fR(8) daemon.
+.PP
+To change this parameter without stopping Postfix, you need to
+first terminate all Postfix TCP servers:
+.sp
+.in +4
+.nf
+.na
+.ft C
+# postconf \-e master_service_disable=inet
+# postfix reload
+.fi
+.ad
+.ft R
+.in -4
+.PP
+This immediately terminates all processes that accept network
+connections. Next, you enable Postfix TCP servers with the updated
+tcp_windowsize setting:
+.sp
+.in +4
+.nf
+.na
+.ft C
+# postconf \-e tcp_windowsize=65535 master_service_disable=
+# postfix reload
+.fi
+.ad
+.ft R
+.in -4
+.PP
+If you skip these steps with a running Postfix system, then the
+tcp_windowsize change will work only for Postfix TCP clients (\fBsmtp\fR(8),
+\fBlmtp\fR(8)).
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH tls_append_default_CA (default: no)
+Append the system\-supplied default Certification Authority
+certificates to the ones specified with *_tls_CApath or *_tls_CAfile.
+The default is "no"; this prevents Postfix from trusting third\-party
+certificates and giving them relay permission with
+permit_tls_all_clientcerts.
+.PP
+This feature is available in Postfix 2.4.15, 2.5.11, 2.6.8,
+2.7.2 and later versions. Specify "tls_append_default_CA = yes" for
+backwards compatibility, to avoid breaking certificate verification
+with sites that don't use permit_tls_all_clientcerts.
+.SH tls_config_file (default: default)
+Optional configuration file with baseline OpenSSL settings.
+OpenSSL loads any SSL settings found in the configuration file for
+the selected application name (see tls_config_name) or else the
+built\-in application name "openssl_conf" when no application name is
+specified, or no corresponding configuration section is present.
+.PP
+With OpenSSL releases 1.1.1 and 1.1.1a, applications (including
+Postfix) can neither specify an alternative configuration file, nor
+avoid loading the default configuration file.
+.PP
+With OpenSSL 1.1.1b or later, this parameter may be set to one of:
+.IP "\fBdefault\fR (default)"
+Load the system\-wide
+"openssl.cnf" configuration file.
+.br
+.IP "\fBnone\fR (recommended, OpenSSL 1.1.1b or later only)"
+This setting disables loading of the system\-wide "openssl.cnf"
+file.
+.br
+.IP "\fB\fI/absolute\-path\fR\fR (OpenSSL 1.1.1b or later only)"
+Load the configuration file specified by \fI/absolute\-path\fR.
+With this setting it is an error for the file to not contain any
+settings for the selected tls_config_name. There is no fallback to
+the default "openssl_conf" name.
+.br
+.br
+.PP
+Failures in processing of the built\-in default configuration file,
+are silently ignored. Any errors in loading a non\-default configuration
+file are detected by Postfix, and cause TLS support to be disabled.
+.PP
+The OpenSSL configuration file format is not documented here,
+beyond giving two examples.
+.PP
+Example: Default settings for all applications.
+.sp
+.in +4
+.nf
+.na
+.ft C
+# The name 'openssl_conf' is the default application name
+# The section name to the right of the '=' sign is arbitrary,
+# any name will do, so long as it refers to the desired section.
+#
+# The name 'system_default' selects the settings applied internally
+# by the SSL library as part of SSL object creation. Applications
+# can then apply any additional settings of their choice.
+#
+# In this example, TLS versions prior to 1.2 are disabled by default.
+#
+openssl_conf = system_wide_settings
+[system_wide_settings]
+ssl_conf = ssl_library_settings
+[ssl_library_settings]
+system_default = initial_ssl_settings
+[initial_ssl_settings]
+MinProtocol = TLSv1.2
+.fi
+.ad
+.ft R
+.in -4
+.PP
+Example: Custom settings for an application named "postfix".
+.sp
+.in +4
+.nf
+.na
+.ft C
+# The mapping from an application name to the corresponding configuration
+# section must appear near the top of the file, (in what is sometimes called
+# the "default section") prior to the start of any explicitly named
+# "[sections]". The named sections can appear in any order and don't nest.
+#
+postfix = postfix_settings
+[postfix_settings]
+ssl_conf = postfix_ssl_settings
+[postfix_ssl_settings]
+system_default = baseline_postfix_settings
+[baseline_postfix_settings]
+MinProtocol = TLSv1
+.fi
+.ad
+.ft R
+.in -4
+.PP
+This feature is available in Postfix >= 3.9, 3.8.1, 3.7.6,
+3.6.10, and 3.5.20.
+.SH tls_config_name (default: empty)
+The application name passed by Postfix to OpenSSL library
+initialization functions. This name is used to select the desired
+configuration "section" in the OpenSSL configuration file specified
+via the tls_config_file parameter. When empty, or when the
+selected name is not present in the configuration file, the default
+application name ("openssl_conf") is used as a fallback.
+.PP
+This feature is available in Postfix >= 3.9, 3.8.1, 3.7.6,
+3.6.10, and 3.5.20.
+.SH tls_daemon_random_bytes (default: 32)
+The number of pseudo\-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8)
+process requests from the \fBtlsmgr\fR(8) server in order to seed its
+internal pseudo random number generator (PRNG). The default of 32
+bytes (equivalent to 256 bits) is sufficient to generate a 128bit
+(or 168bit) session key.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH tls_dane_digest_agility (default: on)
+Configure RFC7671 DANE TLSA digest algorithm agility.
+Do not change this setting from its default value.
+.PP
+See Section 8 of RFC7671 for correct key rotation procedures.
+.PP
+This feature is available in Postfix 2.11 through 3.1. Postfix
+3.2 and later ignore this configuration parameter and behave as
+though it were set to "on".
+.SH tls_dane_digests (default: sha512 sha256)
+DANE TLSA (RFC 6698, RFC 7671, RFC 7672) resource\-record "matching
+type" digest algorithms in descending preference order. All the
+specified algorithms must be supported by the underlying OpenSSL
+library, otherwise the Postfix SMTP client will not support DANE
+TLSA security.
+.PP
+Specify a list of digest names separated by commas and/or
+whitespace. Each digest name may be followed by an optional
+"=<number>" suffix. For example, "sha512" may instead be specified
+as "sha512=2" and "sha256" may instead be specified as "sha256=1".
+The optional number must match the <a
+href="https://www.iana.org/assignments/dane\-parameters/dane\-parameters.xhtml#matching\-types"
+>IANA assigned TLSA matching type number the algorithm in question.
+Postfix will check this constraint for the algorithms it knows about.
+Additional matching type algorithms registered with IANA can be added
+with explicit numbers provided they are supported by OpenSSL.
+.PP
+Invalid list elements are logged with a warning and disable DANE
+support. TLSA RRs that specify digests not included in the list are
+ignored with a warning.
+.PP
+Note: It is unwise to omit sha256 from the digest list. This
+digest algorithm is the only mandatory to implement digest algorithm
+in RFC 6698, and many servers are expected to publish TLSA records
+with just sha256 digests. Unless one of the standard digests is
+seriously compromised and servers have had ample time to update their
+TLSA records you should not omit any standard digests, just arrange
+them in order from strongest to weakest.
+.PP
+This feature is available in Postfix 2.11 and later.
+.SH tls_dane_trust_anchor_digest_enable (default: yes)
+Enable support for RFC 6698 (DANE TLSA) DNS records that contain
+digests of trust\-anchors with certificate usage "2". Do not change
+this setting from its default value.
+.PP
+This feature is available in Postfix 2.11 through 3.1. It has
+been withdrawn in Postfix 3.2, as trust\-anchor TLSA records are now
+widely used and have proved sufficiently reliable. Postfix 3.2 and
+later ignore this configuration parameter and behaves as though it
+were set to "yes".
+.SH tls_disable_workarounds (default: see "postconf \-d" output)
+List or bit\-mask of OpenSSL bug work\-arounds to disable.
+.PP
+The OpenSSL toolkit includes a set of work\-arounds for buggy SSL/TLS
+implementations. Applications, such as Postfix, that want to maximize
+interoperability ask the OpenSSL library to enable the full set of
+recommended work\-arounds.
+.PP
+From time to time, it is discovered that a work\-around creates a
+security issue, and should no longer be used. If upgrading OpenSSL
+to a fixed version is not an option or an upgrade is not available
+in a timely manner, or in closed environments where no buggy clients
+or servers exist, it may be appropriate to disable some or all of the
+OpenSSL interoperability work\-arounds. This parameter specifies which
+bug work\-arounds to disable.
+.PP
+If the value of the parameter is a hexadecimal long integer starting
+with "0x", the bug work\-arounds corresponding to the bits specified in
+its value are removed from the \fBSSL_OP_ALL\fR work\-around bit\-mask
+(see openssl/ssl.h and \fBSSL_CTX_set_options\fR(3)). You can specify more
+bits than are present in SSL_OP_ALL, excess bits are ignored. Specifying
+0xFFFFFFFF disables all bug\-workarounds on a 32\-bit system. This should
+also be sufficient on 64\-bit systems, until OpenSSL abandons support
+for 32\-bit systems and starts using the high 32 bits of a 64\-bit
+bug\-workaround mask.
+.PP
+Otherwise, the parameter is a white\-space or comma separated list
+of specific named bug work\-arounds chosen from the list below. It
+is possible that your OpenSSL version includes new bug work\-arounds
+added after your Postfix source code was last updated, in that case
+you can only disable one of these via the hexadecimal syntax above.
+.IP "\fBCRYPTOPRO_TLSEXT_BUG\fR"
+New with GOST support in
+OpenSSL 1.0.0.
+.br
+.IP "\fBDONT_INSERT_EMPTY_FRAGMENTS\fR"
+See
+\fBSSL_CTX_set_options\fR(3)
+.br
+.IP "\fBLEGACY_SERVER_CONNECT\fR"
+See \fBSSL_CTX_set_options\fR(3)
+.br
+.IP "\fBMICROSOFT_BIG_SSLV3_BUFFER\fR"
+See
+\fBSSL_CTX_set_options\fR(3)
+.br
+.IP "\fBMICROSOFT_SESS_ID_BUG\fR"
+See \fBSSL_CTX_set_options\fR(3)
+.br
+.IP "\fBMSIE_SSLV2_RSA_PADDING\fR"
+also aliased as
+\fBCVE\-2005\-2969\fR. Postfix 2.8 disables this work\-around by
+default with OpenSSL versions that may predate the fix. Fixed in
+OpenSSL 0.9.7h and OpenSSL 0.9.8a.
+.br
+.IP "\fBNETSCAPE_CHALLENGE_BUG\fR"
+See \fBSSL_CTX_set_options\fR(3)
+.br
+.IP "\fBNETSCAPE_REUSE_CIPHER_CHANGE_BUG\fR"
+also aliased
+as \fBCVE\-2010\-4180\fR. Postfix 2.8 disables this work\-around by
+default with OpenSSL versions that may predate the fix. Fixed in
+OpenSSL 0.9.8q and OpenSSL 1.0.0c.
+.br
+.IP "\fBSSLEAY_080_CLIENT_DH_BUG\fR"
+See
+\fBSSL_CTX_set_options\fR(3)
+.br
+.IP "\fBSSLREF2_REUSE_CERT_TYPE_BUG\fR"
+See
+\fBSSL_CTX_set_options\fR(3)
+.br
+.IP "\fBTLS_BLOCK_PADDING_BUG\fR"
+See \fBSSL_CTX_set_options\fR(3)
+.br
+.IP "\fBTLS_D5_BUG\fR"
+See \fBSSL_CTX_set_options\fR(3)
+.br
+.IP "\fBTLS_ROLLBACK_BUG\fR"
+See \fBSSL_CTX_set_options\fR(3).
+This is disabled in OpenSSL 0.9.7 and later. Nobody should still
+be using 0.9.6!
+.br
+.IP "\fBTLSEXT_PADDING\fR"
+Postfix >= 3.4. See \fBSSL_CTX_set_options\fR(3).
+.br
+.br
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tls_eecdh_auto_curves (default: see "postconf \-d" output)
+The prioritized list of elliptic curves supported by the Postfix
+SMTP client and server. These curves are used by the Postfix SMTP
+server when "smtpd_tls_eecdh_grade = auto". The selected curves must be
+implemented by OpenSSL and be standardized for use in TLS (RFC 8422).
+It is unwise to list only "bleeding\-edge" curves supported by a small
+subset of clients. The default list is suitable for most users.
+.PP
+Postfix skips curve names that are unknown to OpenSSL, or that
+are known but not yet implemented. This makes it possible to
+"anticipate" support for curves that should be used once they become
+available. In particular, in some OpenSSL versions, the new RFC
+8031 curves "X25519" and "X448" may be known by name, but ECDH
+support for either or both may be missing. These curves may appear
+in the default value of this parameter, even though they'll only
+be usable with later versions of OpenSSL.
+.PP
+See also the "tls_ffdhe_auto_groups" parameter, which supports
+customizing the list of FFDHE groups enabled with TLS 1.3. That setting
+is introduced with Postfix 3.8, when built against OpenSSL 3.0 or later.
+.PP
+This feature is available in Postfix 3.2 and later, when it is
+compiled and linked with OpenSSL 1.0.2 or later on platforms where
+EC algorithms have not been disabled by the vendor.
+.SH tls_eecdh_strong_curve (default: prime256v1)
+The elliptic curve used by the Postfix SMTP server for sensibly
+strong
+ephemeral ECDH key exchange. This curve is used by the Postfix SMTP
+server when "smtpd_tls_eecdh_grade = strong". The phrase "sensibly
+strong" means approximately 128\-bit security based on best known
+attacks. The selected curve must be implemented by OpenSSL (as
+reported by \fBecparam\fR(1) with the "\-list_curves" option) and be one
+of the curves listed in Section 5.1.1 of RFC 8422. You should not
+generally change this setting. Remote SMTP client implementations
+must support this curve for EECDH key exchange to take place. It
+is unwise to choose only "bleeding\-edge" curves supported by only a
+small subset of clients.
+.PP
+The default "strong" curve is rated in NSA Suite
+B for information classified up to SECRET.
+.PP
+Note: elliptic curve names are poorly standardized; different
+standards groups are assigning different names to the same underlying
+curves. The curve with the X9.62 name "prime256v1" is also known
+under the SECG name "secp256r1", but OpenSSL does not recognize the
+latter name.
+.PP
+If you want to take maximal advantage of ciphers that offer forward secrecy see
+the Getting
+started section of FORWARD_SECRECY_README. The
+full document conveniently presents all information about Postfix
+"perfect" forward secrecy support in one place: what forward secrecy
+is, how to tweak settings, and what you can expect to see when
+Postfix uses ciphers with forward secrecy.
+.PP
+This feature is available in Postfix 2.6 and later, when it is
+compiled and linked with OpenSSL 1.0.0 or later on platforms where
+EC algorithms have not been disabled by the vendor.
+.SH tls_eecdh_ultra_curve (default: secp384r1)
+The elliptic curve used by the Postfix SMTP server for maximally
+strong
+ephemeral ECDH key exchange. This curve is used by the Postfix SMTP
+server when "smtpd_tls_eecdh_grade = ultra". The phrase "maximally
+strong" means approximately 192\-bit security based on best known attacks.
+This additional strength comes at a significant computational cost, most
+users should instead set "smtpd_tls_eecdh_grade = strong". The selected
+curve must be implemented by OpenSSL (as reported by \fBecparam\fR(1) with the
+"\-list_curves" option) and be one of the curves listed in Section 5.1.1
+of RFC 8422. You should not generally change this setting. Remote SMTP
+client implementations must support this curve for EECDH key exchange
+to take place. It is unwise to choose only "bleeding\-edge" curves
+supported by only a small subset of clients.
+.PP
+This default "ultra" curve is rated in NSA Suite
+B for information classified up to TOP SECRET.
+.PP
+If you want to take maximal advantage of ciphers that offer forward secrecy see
+the Getting
+started section of FORWARD_SECRECY_README. The
+full document conveniently presents all information about Postfix
+"perfect" forward secrecy support in one place: what forward secrecy
+is, how to tweak settings, and what you can expect to see when
+Postfix uses ciphers with forward secrecy.
+.PP
+This feature is available in Postfix 2.6 and later, when it is
+compiled and linked with OpenSSL 1.0.0 or later on platforms where
+EC algorithms have not been disabled by the vendor.
+.SH tls_export_cipherlist (default: see "postconf \-d" output)
+The OpenSSL cipherlist for "export" or higher grade ciphers.
+Ignored as of Postfix 3.8. In earlier Postfix releases this
+defined the meaning of the "export" setting in smtpd_tls_ciphers,
+smtpd_tls_mandatory_ciphers, smtp_tls_ciphers,
+smtp_tls_mandatory_ciphers, lmtp_tls_ciphers, and
+lmtp_tls_mandatory_ciphers. You are strongly encouraged not to
+change this setting.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH tls_fast_shutdown_enable (default: yes)
+A workaround for implementations that hang Postfix while shutting
+down a TLS session, until Postfix times out. With this enabled,
+Postfix will not wait for the remote TLS peer to respond to a TLS
+\&'close' notification. This behavior is recommended for TLSv1.0 and
+later.
+.SH tls_ffdhe_auto_groups (default: see "postconf \-d" output)
+The prioritized list of finite\-field Diffie\-Hellman ephemeral
+(FFDHE) key exchange groups supported by the Postfix SMTP client and
+server. OpenSSL 3.0 adds support for FFDHE key agreement in TLS 1.3.
+In OpenSSL 1.1.1, TLS 1.3 was only supported with elliptic\-curve based
+key agreement. The "tls_ffdhe_auto_groups" parameter makes it possible
+to configure the list of FFDHE groups that the Postfix client or server
+will enable in OpenSSL 3.0 and up. This parameter has no effect when
+Postfix is built against earlier OpenSSL versions.
+.PP
+The default list of FFDHE groups that Postfix enables in OpenSSL 3.0
+and up includes just the 2048 and 3072\-bit groups. Stronger FFDHE
+groups perform poorly and EC groups are a much better choice for the
+same security level. Postfix ignores group names that are unknown to
+OpenSSL, or that are known but not yet implemented. The FFDHE groups
+are largely a backup, in case some peer does not support EC key
+exchange, or EC key exchange needs to be disabled for some pressing
+reason.
+.PP
+Setting this parameter empty disables FFDHE support in TLS 1.3.
+Whether FFDHE key agreement is enabled in TLS 1.2 and earlier depends
+on whether any of the "kDHE" ciphers are included in the cipherlist.
+.PP
+Conversely, setting "tls_eecdh_auto_curves" empty disables TLS 1.3
+EC key agreement in OpenSSL 3.0 and later. Note that at least one of
+"tls_eecdh_auto_curves" and "tls_ffdhe_auto_groups" must be non\-empty,
+this is required by OpenSSL 3.0. If both are inadvertently set empty,
+Postfix will fall back to the compiled\-in defaults.
+.PP
+All the default groups and EC curves should sufficiently strong
+to make "pruning" the defaults unwise. At a minimum, "X25519" and
+"P\-256" (a.k.a. "prime256v1") should be among the enabled EC curves,
+while "dhe2048" and "dhe3072" should be among the FFDHE groups.
+.PP
+This feature is available in Postfix 3.8 and later, when it is
+compiled and linked with OpenSSL 3.0 or later.
+.SH tls_high_cipherlist (default: see "postconf \-d" output)
+The OpenSSL cipherlist for "high" grade ciphers. This defines
+the meaning of the "high" setting in smtpd_tls_ciphers,
+smtpd_tls_mandatory_ciphers, smtp_tls_ciphers, smtp_tls_mandatory_ciphers,
+lmtp_tls_ciphers, and lmtp_tls_mandatory_ciphers. You are strongly
+encouraged not to change this setting.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH tls_legacy_public_key_fingerprints (default: no)
+A temporary migration aid for sites that use certificate
+\fIpublic\-key\fR fingerprints with Postfix 2.9.0..2.9.5, which use
+an incorrect algorithm. This parameter has no effect on the certificate
+fingerprint support that is available since Postfix 2.2.
+.PP
+Specify "tls_legacy_public_key_fingerprints = yes" temporarily,
+pending a migration from configuration files with incorrect Postfix
+2.9.0..2.9.5 certificate public\-key finger prints, to the correct
+fingerprints used by Postfix 2.9.6 and later. To compute the correct
+certificate public\-key fingerprints, see TLS_README.
+.PP
+This feature is available in Postfix 2.9.6 and later.
+.SH tls_low_cipherlist (default: see "postconf \-d" output)
+The OpenSSL cipherlist for "low" or higher grade ciphers.
+Ignored as of Postfix 3.8. In earlier Postfix releases this
+defined the meaning of the "low" setting in smtpd_tls_ciphers,
+smtpd_tls_mandatory_ciphers, smtp_tls_ciphers,
+smtp_tls_mandatory_ciphers, lmtp_tls_ciphers, and
+lmtp_tls_mandatory_ciphers. You are strongly encouraged not to
+change this setting.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH tls_medium_cipherlist (default: see "postconf \-d" output)
+The OpenSSL cipherlist for "medium" or higher grade ciphers. This
+defines the meaning of the "medium" setting in smtpd_tls_ciphers,
+smtpd_tls_mandatory_ciphers, smtp_tls_ciphers, smtp_tls_mandatory_ciphers,
+lmtp_tls_ciphers, and lmtp_tls_mandatory_ciphers. This is the
+default cipherlist for mandatory TLS encryption in the TLS client
+(with anonymous ciphers disabled when verifying server certificates).
+This is the default cipherlist for opportunistic TLS with Postfix
+releases after the middle of 2015. You are strongly encouraged not
+to change this setting.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH tls_null_cipherlist (default: eNULL:!aNULL)
+The OpenSSL cipherlist for "NULL" grade ciphers that provide
+authentication without encryption. This defines the meaning of the "null"
+setting in smtpd_tls_mandatory_ciphers, smtp_tls_mandatory_ciphers and
+lmtp_tls_mandatory_ciphers. You are strongly encouraged not to
+change this setting.
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH tls_preempt_cipherlist (default: no)
+With SSLv3 and later, use the Postfix SMTP server's cipher
+preference order instead of the remote client's cipher preference
+order.
+.PP
+By default, the OpenSSL server selects the client's most preferred
+cipher that the server supports. With SSLv3 and later, the server may
+choose its own most preferred cipher that is supported (offered) by
+the client. Setting "tls_preempt_cipherlist = yes" enables server cipher
+preferences.
+.PP
+While server cipher selection may in some cases lead to a more secure
+or performant cipher choice, there is some risk of interoperability
+issues. In the past, some SSL clients have listed lower priority ciphers
+that they did not implement correctly. If the server chooses a cipher
+that the client prefers less, it may select a cipher whose client
+implementation is flawed. Most notably Windows 2003 Microsoft
+Exchange servers have flawed implementations of DES\-CBC3\-SHA, which
+OpenSSL considers stronger than RC4\-SHA. Enabling server cipher\-suite
+selection may create interoperability issues with Windows 2003
+Microsoft Exchange clients.
+.PP
+This feature is available in Postfix 2.8 and later, in combination
+with OpenSSL 0.9.7 and later.
+.SH tls_random_bytes (default: 32)
+The number of bytes that \fBtlsmgr\fR(8) reads from $tls_random_source
+when (re)seeding the in\-memory pseudo random number generator (PRNG)
+pool. The default of 32 bytes (256 bits) is good enough for 128bit
+symmetric keys. If using EGD or a device file, a maximum of 255
+bytes is read.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH tls_random_exchange_name (default: see "postconf \-d" output)
+Name of the pseudo random number generator (PRNG) state file
+that is maintained by \fBtlsmgr\fR(8). The file is created when it does
+not exist, and its length is fixed at 1024 bytes.
+.PP
+As of version 2.5, Postfix no longer uses root privileges when
+opening this file, and the default file location was changed from
+${config_directory}/prng_exch to ${data_directory}/prng_exch. As
+a migration aid, an attempt to open the file under a non\-Postfix
+directory is redirected to the Postfix\-owned data_directory, and a
+warning is logged.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH tls_random_prng_update_period (default: 3600s)
+The time between attempts by \fBtlsmgr\fR(8) to save the state of
+the pseudo random number generator (PRNG) to the file specified
+with $tls_random_exchange_name.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH tls_random_reseed_period (default: 3600s)
+The maximal time between attempts by \fBtlsmgr\fR(8) to re\-seed the
+in\-memory pseudo random number generator (PRNG) pool from external
+sources. The actual time between re\-seeding attempts is calculated
+using the PRNG, and is between 0 and the time specified.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH tls_random_source (default: see "postconf \-d" output)
+The external entropy source for the in\-memory \fBtlsmgr\fR(8) pseudo
+random number generator (PRNG) pool. Be sure to specify a non\-blocking
+source. If this source is not a regular file, the entropy source
+type must be prepended: egd:/path/to/egd_socket for a source with
+EGD compatible socket interface, or dev:/path/to/device for a
+device file.
+.PP
+Note: on OpenBSD systems specify dev:/dev/arandom when dev:/dev/urandom
+gives timeout errors.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH tls_server_sni_maps (default: empty)
+Optional lookup tables that map names received from remote SMTP
+clients via the TLS Server Name Indication (SNI) extension to the
+appropriate keys and certificate chains. This parameter is implemented
+in the Postfix TLS library, and applies to both \fBsmtpd\fR(8) and the SMTP
+server mode of \fBtlsproxy\fR(8).
+.PP
+When this parameter is non\-empty, the Postfix SMTP server enables
+SNI extension processing, and logs SNI values that are invalid or
+don't match an entry in the specified tables. When an entry
+does match, the SNI name is logged as part of the connection summary
+at log levels 1 and higher.
+.PP
+The lookup key is either the verbatim SNI domain name or an
+ancestor domain prefixed with a leading dot. For internationalized
+domains, the lookup key must be in IDNA 2008 A\-label form (as
+required in the TLS SNI extension).
+.PP
+The syntax of the lookup value is the same as with the
+smtp_tls_chain_files parameter (see there for additional details),
+but here scoped to just TLS connections in which the client sends
+a matching SNI domain name.
+.PP
+Example:
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ #
+ # The indexed SNI table must be created with "postmap \-F"
+ #
+ indexed = ${default_database_type}:${config_directory}/
+ tls_server_sni_maps = ${indexed}sni
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/sni:
+ #
+ # The example.com domain has both an RSA and ECDSA certificate
+ # chain. The chain files MUST start with the private key,
+ # with the certificate chain next, starting with the leaf
+ # (server) certificate, and then the issuer certificates.
+ #
+ example.com /etc/postfix/sni\-chains/rsa2048.example.com.pem,
+ /etc/postfix/sni\-chains/ecdsa\-p256.example.com.pem
+ #
+ # The example.net domain has a wildcard certificate, and two
+ # additional DNS names. So its certificate chain is also used
+ # with any subdomain, plus the additional names.
+ #
+ example.net /etc/postfix/sni\-chains/example.net.pem
+ .example.net /etc/postfix/sni\-chains/example.net.pem
+ example.info /etc/postfix/sni\-chains/example.net.pem
+ example.org /etc/postfix/sni\-chains/example.net.pem
+.fi
+.ad
+.ft R
+.in -4
+.PP
+Note that the SNI lookup tables should also have entries for
+the domains that correspond to the Postfix SMTP server's default
+certificate(s). This ensures that the remote SMTP client's TLS SNI
+extension gets a positive response when it specifies one of the
+Postfix SMTP server's default domains, and ensures that the Postfix
+SMTP server will not log an SNI name mismatch for such a domain.
+The Postfix SMTP server's default certificates are then only used
+when the client sends no SNI or when it sends SNI with a domain
+that the server knows no certificate(s) for.
+.PP
+The mapping from an SNI domain name to a certificate chain is indirect. In
+the input source files for "cdb", "hash", "btree" or other tables that are
+converted to on\-disk indexed files via \fBpostmap\fR(1), the value specified for each
+key is a list of filenames. When \fBpostmap\fR(1) is used with the \fB\-F\fR option,
+the generated table stores for each lookup key the base64\-encoded contents of
+the associated files. When querying tables via \fBpostmap \-Fq\fR, the table
+value is decoded from base64, yielding the original file content, plus a new
+line.
+.PP
+With "regexp", "pcre", "inline", "texthash", "static" and similar
+tables that are interpreted at run\-time, and don't have a separate
+source format, the table value is again a list files, that are loaded
+into memory when the table is opened.
+.PP
+With tables whose content is managed outside of Postfix, such
+as LDAP, MySQL, PostgreSQL, socketmap and tcp, the value must be a
+concatenation of the desired PEM keys and certificate chains, that
+is then further encoded to yield a single\-line base64 string.
+Creation of such tables and secure storage (the value includes
+private key material) are outside the responsibility of Postfix.
+.PP
+With "socketmap" and "tcp" the data will be transmitted in the clear, and
+there is no query access control, so these are generally unsuitable for storing
+SNI chains. With LDAP and SQL, you should restrict read access and use TLS to
+protect the sensitive data in transit.
+.PP
+Typically there is only one private key and its chain of certificates
+starting with the "leaf" certificate corresponding to that key, and
+continuing with the appropriate intermediate issuer CA certificates,
+with each certificate ideally followed by its issuer. Servers
+that have keys and certificates for more than one algorithm (e.g.
+both an RSA key and an ECDSA key, or even RSA, ECDSA and Ed25519)
+can use multiple chains concatenated together, with the key always
+listed before the corresponding certificates.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH tls_session_ticket_cipher (default: Postfix >= 3.0: aes\-256\-cbc, Postfix < 3.0: aes\-128\-cbc)
+Algorithm used to encrypt RFC5077 TLS session tickets. This
+algorithm must use CBC mode, have a 128\-bit block size, and must
+have a key length between 128 and 256 bits. The default is
+aes\-256\-cbc. Overriding the default to choose a different algorithm
+is discouraged.
+.PP
+Setting this parameter empty disables session ticket support
+in the Postfix SMTP server. Another way to disable session ticket
+support is via the tls_ssl_options parameter.
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH tls_ssl_options (default: empty)
+List or bit\-mask of OpenSSL options to enable.
+.PP
+The OpenSSL toolkit provides a set of options that applications
+can enable to tune the OpenSSL behavior. Some of these work around
+bugs in other implementations and are on by default. You can use
+the tls_disable_workarounds parameter to selectively disable some
+or all of the bug work\-arounds, making OpenSSL more strict at the
+cost of non\-interoperability with SSL clients or servers that exhibit
+the bugs.
+.PP
+Other options are off by default, and typically enable or disable
+features rather than bug work\-arounds. These may be turned on (with
+care) via the tls_ssl_options parameter. The value is a white\-space
+or comma separated list of named options chosen from the list below.
+The names are not case\-sensitive, you can use lower\-case if you
+prefer. The upper case values below match the corresponding macro
+name in the ssl.h header file with the SSL_OP_ prefix removed. It
+is possible that your OpenSSL version includes new options added
+after your Postfix source code was last updated, in that case you
+can only enable one of these via the hexadecimal syntax below.
+.PP
+You should only enable features via the hexadecimal mask when
+the need to control the feature is critical (to deal with a new
+vulnerability or a serious interoperability problem). Postfix DOES
+NOT promise backwards compatible behavior with respect to the mask
+bits. A feature enabled via the mask in one release may be enabled
+by other means in a later release, and the mask bit will then be
+ignored. Therefore, use of the hexadecimal mask is only a temporary
+measure until a new Postfix or OpenSSL release provides a better
+solution.
+.PP
+If the value of the parameter is a hexadecimal long integer
+starting with "0x", the options corresponding to the bits specified
+in its value are enabled (see openssl/ssl.h and \fBSSL_CTX_set_options\fR(3)).
+You can only enable options not already controlled by other Postfix
+settings. For example, you cannot disable protocols or enable
+server cipher preference. Do not attempt to enable all features by
+specifying 0xFFFFFFFF, this is unlikely to be a good idea. Some
+bug work\-arounds are also valid here, allowing them to be re\-enabled
+if/when they're no longer enabled by default. The supported values
+include:
+.IP "\fBENABLE_MIDDLEBOX_COMPAT\fR"
+Postfix >= 3.4. See
+\fBSSL_CTX_set_options\fR(3).
+.br
+.IP "\fBLEGACY_SERVER_CONNECT\fR"
+See \fBSSL_CTX_set_options\fR(3).
+.br
+.IP "\fBNO_TICKET\fR"
+Enabled by default when needed in
+fully\-patched Postfix >= 2.7. Not needed at all for Postfix >=
+2.11, unless for some reason you do not want to support TLS session
+resumption. Best not set explicitly. See \fBSSL_CTX_set_options\fR(3).
+.br
+.IP "\fBNO_COMPRESSION\fR"
+Disable SSL compression even if
+supported by the OpenSSL library. Compression is CPU\-intensive,
+and compression before encryption does not always improve security.
+.br
+.IP "\fBNO_RENEGOTIATION\fR"
+Postfix >= 3.4. This can
+reduce opportunities for a potential CPU exhaustion attack. See
+\fBSSL_CTX_set_options\fR(3).
+.br
+.IP "\fBNO_SESSION_RESUMPTION_ON_RENEGOTIATION\fR"
+Postfix
+>= 3.4. See \fBSSL_CTX_set_options\fR(3).
+.br
+.IP "\fBPRIORITIZE_CHACHA\fR"
+Postfix >= 3.4. See \fBSSL_CTX_set_options\fR(3).
+.br
+.br
+.PP
+This feature is available in Postfix 2.11 and later.
+.SH tls_wildcard_matches_multiple_labels (default: yes)
+Match multiple DNS labels with "*" in wildcard certificates.
+.PP
+Some mail service providers prepend the customer domain name
+to a base domain for which they have a wildcard TLS certificate.
+For example, the MX records for example.com hosted by example.net
+may be:
+.sp
+.in +4
+.nf
+.na
+.ft C
+example.com. IN MX 0 example.com.mx1.example.net.
+example.com. IN MX 0 example.com.mx2.example.net.
+.fi
+.ad
+.ft R
+.in -4
+.PP
+and the TLS certificate may be for "*.example.net". The "*"
+then corresponds with multiple labels in the mail server domain
+name. While multi\-label wildcards are not widely supported, and
+are not blessed by any standard, there is little to be gained by
+disallowing their use in this context.
+.PP
+Notes:
+.IP \(bu
+In a certificate name, the "*" is special only when it is
+used as the first label.
+.IP \(bu
+While Postfix (2.11 or later) can match "*" with multiple
+domain name labels, other implementations likely will not.
+.IP \(bu
+Earlier Postfix implementations behave as if
+"tls_wildcard_matches_multiple_labels = no".
+.br
+.PP
+This feature is available in Postfix 2.11 and later.
+.SH tlsmgr_service_name (default: tlsmgr)
+The name of the \fBtlsmgr\fR(8) service entry in master.cf. This
+service maintains TLS session caches and other information in support
+of TLS.
+.PP
+This feature is available in Postfix 2.11 and later.
+.SH tlsproxy_client_CAfile (default: $smtp_tls_CAfile)
+A file containing CA certificates of root CAs trusted to sign
+either remote TLS server certificates or intermediate CA certificates.
+See smtp_tls_CAfile for further details.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH tlsproxy_client_CApath (default: $smtp_tls_CApath)
+Directory with PEM format Certification Authority certificates
+that the Postfix \fBtlsproxy\fR(8) client uses to verify a remote TLS
+server certificate. See smtp_tls_CApath for further details.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH tlsproxy_client_cert_file (default: $smtp_tls_cert_file)
+File with the Postfix \fBtlsproxy\fR(8) client RSA certificate in PEM
+format. See smtp_tls_cert_file for further details. The preferred way
+to configure tlsproxy client keys and certificates is via the
+"tlsproxy_client_chain_files" parameter.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH tlsproxy_client_chain_files (default: $smtp_tls_chain_files)
+Files with the Postfix \fBtlsproxy\fR(8) client keys and certificate
+chains in PEM format. See smtp_tls_chain_files for further details.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH tlsproxy_client_dcert_file (default: $smtp_tls_dcert_file)
+File with the Postfix \fBtlsproxy\fR(8) client DSA certificate in PEM
+format. See smtp_tls_dcert_file for further details. DSA is obsolete and
+should not be used.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH tlsproxy_client_dkey_file (default: $smtp_tls_dkey_file)
+File with the Postfix \fBtlsproxy\fR(8) client DSA private key in PEM
+format. See smtp_tls_dkey_file for further details. DSA is obsolete and
+should not be used.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH tlsproxy_client_eccert_file (default: $smtp_tls_eccert_file)
+File with the Postfix \fBtlsproxy\fR(8) client ECDSA certificate in PEM
+format. See smtp_tls_eccert_file for further details. The preferred way
+to configure tlsproxy client keys and certificates is via the
+"tlsproxy_client_chain_files" parameter.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH tlsproxy_client_eckey_file (default: $smtp_tls_eckey_file)
+File with the Postfix \fBtlsproxy\fR(8) client ECDSA private key in PEM
+format. See smtp_tls_eckey_file for further details. The preferred way
+to configure tlsproxy client keys and certificates is via the
+"tlsproxy_client_chain_files" parameter.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH tlsproxy_client_enforce_tls (default: $smtp_enforce_tls)
+Enforcement mode: require that SMTP servers use TLS encryption.
+See smtp_enforce_tls for further details. Use
+tlsproxy_client_security_level instead.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH tlsproxy_client_fingerprint_digest (default: $smtp_tls_fingerprint_digest)
+The message digest algorithm used to construct remote TLS server
+certificate fingerprints. See smtp_tls_fingerprint_digest for
+further details.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH tlsproxy_client_key_file (default: $smtp_tls_key_file)
+File with the Postfix \fBtlsproxy\fR(8) client RSA private key in PEM
+format. See smtp_tls_key_file for further details. The preferred way to
+configure tlsproxy client keys and certificates is via the
+"tlsproxy_client_chain_files" parameter.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH tlsproxy_client_level (default: $smtp_tls_security_level)
+The default TLS security level for the Postfix \fBtlsproxy\fR(8)
+client. See smtp_tls_security_level for further details.
+.PP
+This feature is available in Postfix 3.4 \- 3.6. It was
+renamed to tlsproxy_client_security_level in Postfix 3.7.
+.SH tlsproxy_client_loglevel (default: $smtp_tls_loglevel)
+Enable additional Postfix \fBtlsproxy\fR(8) client logging of TLS
+activity. See smtp_tls_loglevel for further details.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH tlsproxy_client_loglevel_parameter (default: smtp_tls_loglevel)
+The name of the parameter that provides the tlsproxy_client_loglevel
+value.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH tlsproxy_client_per_site (default: $smtp_tls_per_site)
+Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
+usage policy by next\-hop destination and by remote TLS server
+hostname. See smtp_tls_per_site for further details.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH tlsproxy_client_policy (default: $smtp_tls_policy_maps)
+Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
+security policy by next\-hop destination. See smtp_tls_policy_maps
+for further details.
+.PP
+This feature is available in Postfix 3.4 \- 3.6. It was
+renamed to tlsproxy_client_policy_maps in Postfix 3.7.
+.SH tlsproxy_client_policy_maps (default: $smtp_tls_policy_maps)
+Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
+security policy by next\-hop destination. See smtp_tls_policy_maps
+for further details.
+.PP
+This feature is available in Postfix 3.7 and later. It
+was previously called tlsproxy_client_policy.
+.SH tlsproxy_client_scert_verifydepth (default: $smtp_tls_scert_verifydepth)
+The verification depth for remote TLS server certificates.
+See smtp_tls_scert_verifydepth for further details.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH tlsproxy_client_security_level (default: $smtp_tls_security_level)
+The default TLS security level for the Postfix \fBtlsproxy\fR(8)
+client. See smtp_tls_security_level for further details.
+.PP
+This feature is available in Postfix 3.7 and later. It
+was previously called tlsproxy_client_level.
+.SH tlsproxy_client_use_tls (default: $smtp_use_tls)
+Opportunistic mode: use TLS when a remote server announces TLS
+support. See smtp_use_tls for further details. Use
+tlsproxy_client_security_level instead.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH tlsproxy_enforce_tls (default: $smtpd_enforce_tls)
+Mandatory TLS: announce STARTTLS support to remote SMTP clients, and
+require that clients use TLS encryption. See smtpd_enforce_tls for
+further details. Use tlsproxy_tls_security_level instead.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_service_name (default: tlsproxy)
+The name of the \fBtlsproxy\fR(8) service entry in master.cf. This
+service performs plaintext <=> TLS ciphertext conversion.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_CAfile (default: $smtpd_tls_CAfile)
+A file containing (PEM format) CA certificates of root CAs
+trusted to sign either remote SMTP client certificates or intermediate
+CA certificates. See smtpd_tls_CAfile for further details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_CApath (default: $smtpd_tls_CApath)
+A directory containing (PEM format) CA certificates of root CAs
+trusted to sign either remote SMTP client certificates or intermediate
+CA certificates. See smtpd_tls_CApath for further details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_always_issue_session_ids (default: $smtpd_tls_always_issue_session_ids)
+Force the Postfix \fBtlsproxy\fR(8) server to issue a TLS session id,
+even when TLS session caching is turned off. See
+smtpd_tls_always_issue_session_ids for further details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_ask_ccert (default: $smtpd_tls_ask_ccert)
+Ask a remote SMTP client for a client certificate. See
+smtpd_tls_ask_ccert for further details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_ccert_verifydepth (default: $smtpd_tls_ccert_verifydepth)
+The verification depth for remote SMTP client certificates. A
+depth of 1 is sufficient if the issuing CA is listed in a local CA
+file. See smtpd_tls_ccert_verifydepth for further details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_cert_file (default: $smtpd_tls_cert_file)
+File with the Postfix \fBtlsproxy\fR(8) server RSA certificate in PEM
+format. This file may also contain the Postfix \fBtlsproxy\fR(8) server
+private RSA key. See smtpd_tls_cert_file for further details. With
+Postfix >= 3.4 the preferred way to configure tlsproxy server keys and
+certificates is via the "tlsproxy_tls_chain_files" parameter.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_chain_files (default: $smtpd_tls_chain_files)
+Files with the Postfix \fBtlsproxy\fR(8) server keys and certificate
+chains in PEM format. See smtpd_tls_chain_files for further details.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH tlsproxy_tls_ciphers (default: $smtpd_tls_ciphers)
+The minimum TLS cipher grade that the Postfix \fBtlsproxy\fR(8) server
+will use with opportunistic TLS encryption. See smtpd_tls_ciphers
+for further details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_dcert_file (default: $smtpd_tls_dcert_file)
+File with the Postfix \fBtlsproxy\fR(8) server DSA certificate in PEM
+format. This file may also contain the Postfix \fBtlsproxy\fR(8) server
+private DSA key. DSA is obsolete and should not be used. See
+smtpd_tls_dcert_file for further details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_dh1024_param_file (default: $smtpd_tls_dh1024_param_file)
+File with DH parameters that the Postfix \fBtlsproxy\fR(8) server
+should use with non\-export EDH ciphers. See smtpd_tls_dh1024_param_file
+for further details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_dh512_param_file (default: $smtpd_tls_dh512_param_file)
+File with DH parameters that the Postfix \fBtlsproxy\fR(8) server
+should use with export\-grade EDH ciphers. See smtpd_tls_dh512_param_file
+for further details. The default SMTP server cipher grade is
+"medium" with Postfix releases after the middle of 2015, and as a
+result export\-grade cipher suites are by default not used.
+.PP
+With Postfix >= 3.6 export\-grade Diffie\-Hellman key exchange
+is no longer supported, and this parameter is silently ignored.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_dkey_file (default: $smtpd_tls_dkey_file)
+File with the Postfix \fBtlsproxy\fR(8) server DSA private key in PEM
+format. This file may be combined with the Postfix \fBtlsproxy\fR(8) server
+DSA certificate file specified with $smtpd_tls_dcert_file. DSA is
+obsolete and should not be used. See smtpd_tls_dkey_file for further
+details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_eccert_file (default: $smtpd_tls_eccert_file)
+File with the Postfix \fBtlsproxy\fR(8) server ECDSA certificate in PEM
+format. This file may also contain the Postfix \fBtlsproxy\fR(8) server
+private ECDSA key. See smtpd_tls_eccert_file for further details. With
+Postfix >= 3.4 the preferred way to configure tlsproxy server keys and
+certificates is via the "tlsproxy_tls_chain_files" parameter.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_eckey_file (default: $smtpd_tls_eckey_file)
+File with the Postfix \fBtlsproxy\fR(8) server ECDSA private key in PEM
+format. This file may be combined with the Postfix \fBtlsproxy\fR(8) server
+ECDSA certificate file specified with $smtpd_tls_eccert_file. See
+smtpd_tls_eckey_file for further details. With Postfix >= 3.4 the
+preferred way to configure tlsproxy server keys and certificates is via
+the "tlsproxy_tls_chain_files" parameter.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_eecdh_grade (default: $smtpd_tls_eecdh_grade)
+The Postfix \fBtlsproxy\fR(8) server security grade for ephemeral
+elliptic\-curve Diffie\-Hellman (EECDH) key exchange. See
+smtpd_tls_eecdh_grade for further details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_exclude_ciphers (default: $smtpd_tls_exclude_ciphers)
+List of ciphers or cipher types to exclude from the \fBtlsproxy\fR(8)
+server cipher list at all TLS security levels. See
+smtpd_tls_exclude_ciphers for further details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_fingerprint_digest (default: $smtpd_tls_fingerprint_digest)
+The message digest algorithm to construct remote SMTP
+client\-certificate
+fingerprints. See smtpd_tls_fingerprint_digest for further details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_key_file (default: $smtpd_tls_key_file)
+File with the Postfix \fBtlsproxy\fR(8) server RSA private key in PEM
+format. This file may be combined with the Postfix \fBtlsproxy\fR(8) server
+RSA certificate file specified with $smtpd_tls_cert_file. See
+smtpd_tls_key_file for further details. With Postfix >= 3.4 the
+preferred way to configure tlsproxy server keys and certificates is via
+the "tlsproxy_tls_chain_files" parameter.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_loglevel (default: $smtpd_tls_loglevel)
+Enable additional Postfix \fBtlsproxy\fR(8) server logging of TLS
+activity. Each logging level also includes the information that
+is logged at a lower logging level. See smtpd_tls_loglevel for
+further details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_mandatory_ciphers (default: $smtpd_tls_mandatory_ciphers)
+The minimum TLS cipher grade that the Postfix \fBtlsproxy\fR(8) server
+will use with mandatory TLS encryption. See smtpd_tls_mandatory_ciphers
+for further details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_mandatory_exclude_ciphers (default: $smtpd_tls_mandatory_exclude_ciphers)
+Additional list of ciphers or cipher types to exclude from the
+\fBtlsproxy\fR(8) server cipher list at mandatory TLS security levels.
+See smtpd_tls_mandatory_exclude_ciphers for further details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_mandatory_protocols (default: $smtpd_tls_mandatory_protocols)
+The SSL/TLS protocols accepted by the Postfix \fBtlsproxy\fR(8) server
+with mandatory TLS encryption. If the list is empty, the server
+supports all available SSL/TLS protocol versions. See
+smtpd_tls_mandatory_protocols for further details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_protocols (default: $smtpd_tls_protocols)
+List of TLS protocols that the Postfix \fBtlsproxy\fR(8) server will
+exclude or include with opportunistic TLS encryption. See
+smtpd_tls_protocols for further details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_req_ccert (default: $smtpd_tls_req_ccert)
+With mandatory TLS encryption, require a trusted remote SMTP
+client certificate in order to allow TLS connections to proceed.
+See smtpd_tls_req_ccert for further details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_security_level (default: $smtpd_tls_security_level)
+The SMTP TLS security level for the Postfix \fBtlsproxy\fR(8) server;
+when a non\-empty value is specified, this overrides the obsolete
+parameters smtpd_use_tls and smtpd_enforce_tls. See
+smtpd_tls_security_level for further details.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_session_cache_timeout (default: $smtpd_tls_session_cache_timeout)
+Obsolete expiration time of Postfix \fBtlsproxy\fR(8) server TLS session
+cache information. Since the cache is shared with \fBsmtpd\fR(8) and managed
+by \fBtlsmgr\fR(8), there is only one expiration time for the SMTP server cache
+shared by all three services, namely smtpd_tls_session_cache_timeout.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_use_tls (default: $smtpd_use_tls)
+Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
+but do not require that clients use TLS encryption. See smtpd_use_tls
+for further details. Use tlsproxy_tls_security_level instead.
+.PP
+This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_watchdog_timeout (default: 10s)
+How much time a \fBtlsproxy\fR(8) process may take to process local
+or remote I/O before it is terminated by a built\-in watchdog timer.
+This is a safety mechanism that prevents \fBtlsproxy\fR(8) from becoming
+non\-responsive due to a bug in Postfix itself or in system software.
+To avoid false alarms and unnecessary cache corruption this limit
+cannot be set under 10s.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.8 and later
+.SH trace_service_name (default: trace)
+The name of the trace service. This service is implemented by the
+\fBbounce\fR(8) daemon and maintains a record
+of mail deliveries and produces a mail delivery report when verbose
+delivery is requested with "\fBsendmail \-v\fR".
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH transport_delivery_slot_cost (default: $default_delivery_slot_cost)
+A transport\-specific override for the default_delivery_slot_cost
+parameter value, where \fItransport\fR is the master.cf name of
+the message delivery transport.
+.PP
+Note: \fItransport\fR_delivery_slot_cost parameters will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a master.cf service name and a built\-in suffix (in this case:
+"_delivery_slot_cost").
+.SH transport_delivery_slot_discount (default: $default_delivery_slot_discount)
+A transport\-specific override for the default_delivery_slot_discount
+parameter value, where \fItransport\fR is the master.cf name of
+the message delivery transport.
+.PP
+Note: \fItransport\fR_delivery_slot_discount parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built\-in suffix (in
+this case: "_delivery_slot_discount").
+.SH transport_delivery_slot_loan (default: $default_delivery_slot_loan)
+A transport\-specific override for the default_delivery_slot_loan
+parameter value, where \fItransport\fR is the master.cf name of
+the message delivery transport.
+.PP
+Note: \fItransport\fR_delivery_slot_loan parameters will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a master.cf service name and a built\-in suffix (in this case:
+"_delivery_slot_loan").
+.SH transport_destination_concurrency_failed_cohort_limit (default: $default_destination_concurrency_failed_cohort_limit)
+A transport\-specific override for the
+default_destination_concurrency_failed_cohort_limit parameter value,
+where \fItransport\fR is the master.cf name of the message delivery
+transport.
+.PP
+Note: some \fItransport\fR_destination_concurrency_failed_cohort_limit
+parameters will not show up in "postconf" command output before
+Postfix version 2.9. This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built\-in suffix (in this case:
+"_destination_concurrency_failed_cohort_limit").
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH transport_destination_concurrency_limit (default: $default_destination_concurrency_limit)
+A transport\-specific override for the
+default_destination_concurrency_limit parameter value, where
+\fItransport\fR is the master.cf name of the message delivery
+transport.
+.PP
+Note: some \fItransport\fR_destination_concurrency_limit
+parameters will not show up in "postconf" command output before
+Postfix version 2.9. This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built\-in suffix (in this case: "_destination_concurrency_limit").
+.SH transport_destination_concurrency_negative_feedback (default: $default_destination_concurrency_negative_feedback)
+A transport\-specific override for the
+default_destination_concurrency_negative_feedback parameter value,
+where \fItransport\fR is the master.cf name of the message delivery
+transport.
+.PP
+Note: some \fItransport\fR_destination_concurrency_negative_feedback
+parameters will not show up in "postconf" command output before
+Postfix version 2.9. This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built\-in suffix (in this case:
+"_destination_concurrency_negative_feedback").
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH transport_destination_concurrency_positive_feedback (default: $default_destination_concurrency_positive_feedback)
+A transport\-specific override for the
+default_destination_concurrency_positive_feedback parameter value,
+where \fItransport\fR is the master.cf name of the message delivery
+transport.
+.PP
+Note: some \fItransport\fR_destination_concurrency_positive_feedback
+parameters will not show up in "postconf" command output before
+Postfix version 2.9. This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built\-in suffix (in this case:
+"_destination_concurrency_positive_feedback").
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH transport_destination_rate_delay (default: $default_destination_rate_delay)
+A transport\-specific override for the default_destination_rate_delay
+parameter value, where \fItransport\fR is the master.cf name of
+the message delivery transport.
+.PP
+Note: some \fItransport\fR_destination_rate_delay parameters
+will not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built\-in suffix (in
+this case: "_destination_rate_delay").
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH transport_destination_recipient_limit (default: $default_destination_recipient_limit)
+A transport\-specific override for the
+default_destination_recipient_limit parameter value, where
+\fItransport\fR is the master.cf name of the message delivery
+transport.
+.PP
+Note: some \fItransport\fR_destination_recipient_limit parameters
+will not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built\-in suffix (in
+this case: "_destination_recipient_limit").
+.SH transport_extra_recipient_limit (default: $default_extra_recipient_limit)
+A transport\-specific override for the default_extra_recipient_limit
+parameter value, where \fItransport\fR is the master.cf name of
+the message delivery transport.
+.PP
+Note: \fItransport\fR_extra_recipient_limit parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built\-in suffix (in
+this case: "_extra_recipient_limit").
+.SH transport_initial_destination_concurrency (default: $initial_destination_concurrency)
+A transport\-specific override for the initial_destination_concurrency
+parameter value, where \fItransport\fR is the master.cf name of
+the message delivery transport.
+.PP
+Note: some \fItransport\fR_initial_destination_concurrency
+parameters will not show up in "postconf" command output before
+Postfix version 2.9. This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built\-in suffix (in this case: "_initial_destination_concurrency").
+.PP
+This feature is available in Postfix 2.5 and later.
+.SH transport_maps (default: empty)
+Optional lookup tables with mappings from recipient address to
+(message delivery transport, next\-hop destination). See \fBtransport\fR(5)
+for details.
+.PP
+Specify zero or more "type:table" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found. If you use this
+feature with local files, run "\fBpostmap /etc/postfix/transport\fR"
+after making a change.
+.PP
+Pattern matching of domain names is controlled by the presence
+or absence of "transport_maps" in the parent_domain_matches_subdomains
+parameter value.
+.PP
+For safety reasons, as of Postfix 2.3 this feature does not
+allow $number substitutions in regular expression maps.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+transport_maps = dbm:/etc/postfix/transport
+transport_maps = hash:/etc/postfix/transport
+.fi
+.ad
+.ft R
+.SH transport_minimum_delivery_slots (default: $default_minimum_delivery_slots)
+A transport\-specific override for the default_minimum_delivery_slots
+parameter value, where \fItransport\fR is the master.cf name of
+the message delivery transport.
+.PP
+Note: \fItransport\fR_minimum_delivery_slots parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built\-in suffix (in
+this case: "_minimum_delivery_slots").
+.SH transport_recipient_limit (default: $default_recipient_limit)
+A transport\-specific override for the default_recipient_limit
+parameter value, where \fItransport\fR is the master.cf name of
+the message delivery transport.
+.PP
+Note: some \fItransport\fR_recipient_limit parameters will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a master.cf service name and a built\-in suffix (in this case:
+"_recipient_limit").
+.SH transport_recipient_refill_delay (default: $default_recipient_refill_delay)
+A transport\-specific override for the default_recipient_refill_delay
+parameter value, where \fItransport\fR is the master.cf name of
+the message delivery transport.
+.PP
+Note: \fItransport\fR_recipient_refill_delay parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built\-in suffix (in
+this case: "_recipient_refill_delay").
+.PP
+This feature is available in Postfix 2.4 and later.
+.SH transport_recipient_refill_limit (default: $default_recipient_refill_limit)
+A transport\-specific override for the default_recipient_refill_limit
+parameter value, where \fItransport\fR is the master.cf name of
+the message delivery transport.
+.PP
+Note: \fItransport\fR_recipient_refill_limit parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built\-in suffix (in
+this case: "_recipient_refill_limit").
+.PP
+This feature is available in Postfix 2.4 and later.
+.SH transport_retry_time (default: 60s)
+The time between attempts by the Postfix queue manager to contact
+a malfunctioning message delivery transport.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH transport_time_limit (default: $command_time_limit)
+A transport\-specific override for the command_time_limit parameter
+value, where \fItransport\fR is the master.cf name of the message
+delivery transport.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+Note: \fItransport\fR_time_limit parameters will not show up
+in "postconf" command output before Postfix version 2.9. This
+limitation applies to many parameters whose name is a combination
+of a master.cf service name and a built\-in suffix (in this case:
+"_time_limit").
+.SH transport_transport_rate_delay (default: $default_transport_rate_delay)
+A transport\-specific override for the default_transport_rate_delay
+parameter value, where the initial \fItransport\fR in the parameter
+name is the master.cf name of the message delivery transport.
+.PP
+Specify a non\-negative time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.PP
+Note: \fItransport\fR_transport_rate_delay parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built\-in suffix (in
+this case: "_transport_rate_delay").
+.SH trigger_timeout (default: 10s)
+The time limit for sending a trigger to a Postfix daemon (for
+example, the \fBpickup\fR(8) or \fBqmgr\fR(8) daemon). This time limit prevents
+programs from getting stuck when the mail system is under heavy
+load.
+.PP
+Specify a non\-zero time value (an integral value plus an optional
+one\-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+.SH undisclosed_recipients_header (default: see "postconf \-d" output)
+Message header that the Postfix \fBcleanup\fR(8) server inserts when a
+message contains no To: or Cc: message header. With Postfix 2.8
+and later, the default value is empty. With Postfix 2.4\-2.7,
+specify an empty value to disable this feature.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+# Default value before Postfix 2.8.
+# Note: the ":" and ";" are both required.
+undisclosed_recipients_header = To: undisclosed\-recipients:;
+.fi
+.ad
+.ft R
+.SH unknown_address_reject_code (default: 450)
+The numerical response code when the Postfix SMTP server rejects a
+sender or recipient address because its domain is unknown. This
+is one of the possible replies from the restrictions
+reject_unknown_sender_domain and reject_unknown_recipient_domain.
+.PP
+Do not change this unless you have a complete understanding of RFC 5321.
+.SH unknown_address_tempfail_action (default: $reject_tempfail_action)
+The Postfix SMTP server's action when reject_unknown_sender_domain
+or reject_unknown_recipient_domain fail due to a temporary error
+condition. Specify "defer" to defer the remote SMTP client request
+immediately. With the default "defer_if_permit" action, the Postfix
+SMTP server continues to look for opportunities to reject mail, and
+defers the client request only if it would otherwise be accepted.
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH unknown_client_reject_code (default: 450)
+The numerical Postfix SMTP server response code when a client
+without valid address <=> name mapping is rejected by the
+reject_unknown_client_hostname restriction. The SMTP server always replies
+with 450 when the mapping failed due to a temporary error condition.
+.PP
+Do not change this unless you have a complete understanding of RFC 5321.
+.SH unknown_helo_hostname_tempfail_action (default: $reject_tempfail_action)
+The Postfix SMTP server's action when reject_unknown_helo_hostname
+fails due to a temporary error condition. Specify "defer" to defer
+the remote SMTP client request immediately. With the default
+"defer_if_permit" action, the Postfix SMTP server continues to look
+for opportunities to reject mail, and defers the client request
+only if it would otherwise be accepted.
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH unknown_hostname_reject_code (default: 450)
+The numerical Postfix SMTP server response code when the hostname
+specified with the HELO or EHLO command is rejected by the
+reject_unknown_helo_hostname restriction.
+.PP
+Do not change this unless you have a complete understanding of RFC 5321.
+.SH unknown_local_recipient_reject_code (default: 550)
+The numerical Postfix SMTP server response code when a recipient
+address is local, and $local_recipient_maps specifies a list of
+lookup tables that does not match the recipient. A recipient
+address is local when its domain matches $mydestination,
+$proxy_interfaces or $inet_interfaces.
+.PP
+The default setting is 550 (reject mail) but it is safer to initially
+use 450 (try again later) so you have time to find out if your
+local_recipient_maps settings are OK.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+unknown_local_recipient_reject_code = 450
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH unknown_relay_recipient_reject_code (default: 550)
+The numerical Postfix SMTP server reply code when a recipient
+address matches $relay_domains, and relay_recipient_maps specifies
+a list of lookup tables that does not match the recipient address.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH unknown_virtual_alias_reject_code (default: 550)
+The Postfix SMTP server reply code when a recipient address matches
+$virtual_alias_domains, and $virtual_alias_maps specifies a list
+of lookup tables that does not match the recipient address.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH unknown_virtual_mailbox_reject_code (default: 550)
+The Postfix SMTP server reply code when a recipient address matches
+$virtual_mailbox_domains, and $virtual_mailbox_maps specifies a list
+of lookup tables that does not match the recipient address.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH unverified_recipient_defer_code (default: 450)
+The numerical Postfix SMTP server response when a recipient address
+probe fails due to a temporary error condition.
+.PP
+Unlike elsewhere in Postfix, you can specify 250 in order to
+accept the address anyway.
+.PP
+Do not change this unless you have a complete understanding of RFC 5321.
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH unverified_recipient_reject_code (default: 450)
+The numerical Postfix SMTP server response when a recipient address
+is rejected by the reject_unverified_recipient restriction.
+.PP
+Unlike elsewhere in Postfix, you can specify 250 in order to
+accept the address anyway.
+.PP
+Do not change this unless you have a complete understanding of RFC 5321.
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH unverified_recipient_reject_reason (default: empty)
+The Postfix SMTP server's reply when rejecting mail with
+reject_unverified_recipient. Do not include the numeric SMTP reply
+code or the enhanced status code. By default, the response includes
+actual address verification details.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+unverified_recipient_reject_reason = Recipient address lookup failed
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH unverified_recipient_tempfail_action (default: $reject_tempfail_action)
+The Postfix SMTP server's action when reject_unverified_recipient
+fails due to a temporary error condition. Specify "defer" to defer
+the remote SMTP client request immediately. With the default
+"defer_if_permit" action, the Postfix SMTP server continues to look
+for opportunities to reject mail, and defers the client request
+only if it would otherwise be accepted.
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH unverified_sender_defer_code (default: 450)
+The numerical Postfix SMTP server response code when a sender address
+probe fails due to a temporary error condition.
+.PP
+Unlike elsewhere in Postfix, you can specify 250 in order to
+accept the address anyway.
+.PP
+Do not change this unless you have a complete understanding of RFC 5321.
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH unverified_sender_reject_code (default: 450)
+The numerical Postfix SMTP server response code when a recipient
+address is rejected by the reject_unverified_sender restriction.
+.PP
+Unlike elsewhere in Postfix, you can specify 250 in order to
+accept the address anyway.
+.PP
+Do not change this unless you have a complete understanding of RFC 5321.
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH unverified_sender_reject_reason (default: empty)
+The Postfix SMTP server's reply when rejecting mail with
+reject_unverified_sender. Do not include the numeric SMTP reply
+code or the enhanced status code. By default, the response includes
+actual address verification details.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+unverified_sender_reject_reason = Sender address lookup failed
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH unverified_sender_tempfail_action (default: $reject_tempfail_action)
+The Postfix SMTP server's action when reject_unverified_sender
+fails due to a temporary error condition. Specify "defer" to defer
+the remote SMTP client request immediately. With the default
+"defer_if_permit" action, the Postfix SMTP server continues to look
+for opportunities to reject mail, and defers the client request
+only if it would otherwise be accepted.
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH use_srv_lookup (default: empty)
+Enables discovery for the specified service(s) using DNS SRV
+records. For example, with "use_srv_lookup = submission" and
+"relayhost = example.com:submission", the Postfix SMTP client will
+look up DNS SRV records for _submission._tcp.example.com, and will
+relay email through the hosts and ports that are specified with
+those records. See RFC 2782 for details of the host selection
+process.
+.PP
+Specify zero or more service names separated by comma and/or
+whitespace. Any name in the \fBservices\fR(5) database may be specified,
+though in practice only submission, submissions, and smtp make
+sense.
+.PP
+When SRV record lookup is enabled with use_srv_lookup, you can
+enclose a domain name in "[]" to force IP address lookup instead
+of SRV record lookup.
+.PP
+Example 1: MUA\-to\-MTA submission using SRV record lookup for
+the "submission" service for domain "example.com". This uses the
+default SMTP delivery agent with STARTTLS, and looks up SRV records
+for "_submission._tcp.example.com".
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ use_srv_lookup = submission
+ relayhost = example.com:submission
+ smtp_tls_security_level = may
+ ...see SASL_README for sasl configuration...
+.fi
+.ad
+.ft R
+.PP
+Example 2: MUA\-to\-MTA submission using SRV record lookup for
+the "submissions" service for domain "example.org". This uses a
+dedicated SMTP delivery agent (smtp\-wraptls) with tls_wrappermode
+turned on, and looks up SRV records for "_submissions._tcp.example.org".
+.PP
+Note: specify the older name "smtps" instead of "submissions"
+when a provider has DNS SRV records like "_smtps._tcp.example.org"
+instead of "_submissions._tcp.example.org".
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ use_srv_lookup = submissions
+ default_transport = smtp\-wraptls:example.org:submissions
+ ...see SASL_README for sasl configuration...
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/master.cf:
+ smtp\-wraptls unix ... ... ... ... ... smtp
+ \-o { smtp_tls_wrappermode = yes }
+ \-o { smtp_tls_security_level = encrypt }
+.fi
+.ad
+.ft R
+.PP
+Example 3: Sender\-dependent selection for a combination of
+MUA\-to\-MTA submission services. This combines examples 1 and 2 with
+examples of how to disable SRV and look up IP address records for
+"smtp\-relay.example.net" and "smtp\-relay.other.example". Again,
+specify the older name "smtps" instead of "submissions" when a
+provider has DNS SRV records like "_smtps._tcp.example.org" instead
+of "_submissions._tcp.example.org".
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ use_srv_lookup = submission, submissions
+ sender_dependent_default_transport_maps = inline:{
+ # Destinations that support SRV record lookup.
+ { user1@example.com = smtp:example.com:submission }
+ { user2@example.org = smtp\-wraptls:example.org:submissions }
+ # Use [destination] to force IP address lookups.
+ { user3@example.net = smtp:[smtp\-relay.example.net]:submission }
+ { user4@other.example =
+ smtp\-wraptls:[smtp\-relay.other.example]:submissions } }
+ ...see SASL_README for sasl configuration...
+.fi
+.ad
+.ft R
+.PP
+Example 4: MTA\-to\-MTA traffic, using SRV record lookup for the
+SMTP service. This is useful for Postfix tests, and may be useful
+in environments where ports are dynamically assigned to servers.
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ use_srv_lookup = smtp
+ # Fall back to MX record lookup when SRV records are unavailable.
+ #allow_srv_lookup_fallback = yes
+ #ignore_srv_lookup_error = yes
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 3.8 and later.
+.SH verp_delimiter_filter (default: \-=+)
+The characters Postfix accepts as VERP delimiter characters on the
+Postfix \fBsendmail\fR(1) command line and in SMTP commands.
+.PP
+This feature is available in Postfix 1.1 and later.
+.SH virtual_alias_address_length_limit (default: 1000)
+The maximal length of an email address after virtual alias expansion.
+This stops virtual aliasing loops that increase the address length
+exponentially.
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH virtual_alias_domains (default: $virtual_alias_maps)
+Postfix is the final destination for the specified list of virtual
+alias domains, that is, domains for which all addresses are aliased
+to addresses in other local or remote domains. The SMTP server
+validates recipient addresses with $virtual_alias_maps and rejects
+non\-existent recipients. See also the virtual alias domain class
+in the ADDRESS_CLASS_README file
+.PP
+This feature is available in Postfix 2.0 and later. The default
+value is backwards compatible with Postfix version 1.1.
+.PP
+The default value is $virtual_alias_maps so that you can keep all
+information about virtual alias domains in one place. If you have
+many users, it is better to separate information that changes more
+frequently (virtual address \-> local or remote address mapping)
+from information that changes less frequently (the list of virtual
+domain names).
+.PP
+Specify a list of host or domain names, "/file/name" or
+"type:table" patterns, separated by commas and/or whitespace. A
+"/file/name" pattern is replaced by its contents; a "type:table"
+lookup table is matched when a table entry matches a host or domain name
+(the lookup result is ignored). Continue long lines by starting
+the next line with whitespace. Specify "!pattern" to exclude a host
+or domain name from the list. The form "!/file/name" is supported
+only in Postfix version 2.4 and later.
+.PP
+See also the VIRTUAL_README and ADDRESS_CLASS_README documents
+for further information.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+virtual_alias_domains = virtual1.tld virtual2.tld
+.fi
+.ad
+.ft R
+.SH virtual_alias_expansion_limit (default: 1000)
+The maximal number of addresses that virtual alias expansion produces
+from each original recipient.
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH virtual_alias_maps (default: $virtual_maps)
+Optional lookup tables that alias specific mail addresses or domains
+to other local or remote addresses. The table format and lookups
+are documented in \fBvirtual\fR(5). For an overview of Postfix address
+manipulations see the ADDRESS_REWRITING_README document.
+.PP
+This feature is available in Postfix 2.0 and later. The default
+value is backwards compatible with Postfix version 1.1.
+.PP
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+Note: these lookups are recursive.
+.PP
+If you use this feature with indexed files, run "\fBpostmap
+/etc/postfix/virtual\fR" after changing the file.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+virtual_alias_maps = dbm:/etc/postfix/virtual
+virtual_alias_maps = hash:/etc/postfix/virtual
+.fi
+.ad
+.ft R
+.SH virtual_alias_recursion_limit (default: 1000)
+The maximal nesting depth of virtual alias expansion. Currently
+the recursion limit is applied only to the left branch of the
+expansion graph, so the depth of the tree can in the worst case
+reach the sum of the expansion and recursion limits. This may
+change in the future.
+.PP
+This feature is available in Postfix 2.1 and later.
+.SH virtual_delivery_status_filter (default: $default_delivery_status_filter)
+Optional filter for the \fBvirtual\fR(8) delivery agent to change the
+delivery status code or explanatory text of successful or unsuccessful
+deliveries. See default_delivery_status_filter for details.
+.PP
+This feature is available in Postfix 3.0 and later.
+.SH virtual_destination_concurrency_limit (default: $default_destination_concurrency_limit)
+The maximal number of parallel deliveries to the same destination
+via the virtual message delivery transport. This limit is enforced
+by the queue manager. The message delivery transport name is the
+first field in the entry in the master.cf file.
+.SH virtual_destination_recipient_limit (default: $default_destination_recipient_limit)
+The maximal number of recipients per message for the virtual
+message delivery transport. This limit is enforced by the queue
+manager. The message delivery transport name is the first field in
+the entry in the master.cf file.
+.PP
+Setting this parameter to a value of 1 changes the meaning of
+virtual_destination_concurrency_limit from concurrency per domain
+into concurrency per recipient.
+.SH virtual_gid_maps (default: empty)
+Lookup tables with the per\-recipient group ID for \fBvirtual\fR(8) mailbox
+delivery.
+.PP
+This parameter is specific to the \fBvirtual\fR(8) delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program.
+.PP
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+.PP
+In a lookup table, specify a left\-hand side of "@domain.tld" to
+match any user in the specified domain that does not have a specific
+"user@domain.tld" entry.
+.PP
+When a recipient address has an optional address extension
+(user+foo@domain.tld), the \fBvirtual\fR(8) delivery agent looks up
+the full address first, and when the lookup fails, it looks up the
+unextended address (user@domain.tld).
+.PP
+Note 1: for security reasons, the \fBvirtual\fR(8) delivery agent disallows
+regular expression substitution of $1 etc. in regular expression
+lookup tables, because that would open a security hole.
+.PP
+Note 2: for security reasons, the \fBvirtual\fR(8) delivery agent will
+silently ignore requests to use the \fBproxymap\fR(8) server. Instead
+it will open the table directly. Before Postfix version 2.2, the
+\fBvirtual\fR(8) delivery agent will terminate with a fatal error.
+.SH virtual_mailbox_base (default: empty)
+A prefix that the \fBvirtual\fR(8) delivery agent prepends to all pathname
+results from $virtual_mailbox_maps table lookups. This is a safety
+measure to ensure that an out of control map doesn't litter the
+file system with mailboxes. While virtual_mailbox_base could be
+set to "/", this setting isn't recommended.
+.PP
+This parameter is specific to the \fBvirtual\fR(8) delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+virtual_mailbox_base = /var/mail
+.fi
+.ad
+.ft R
+.SH virtual_mailbox_domains (default: $virtual_mailbox_maps)
+Postfix is the final destination for the specified list of domains;
+mail is delivered via the $virtual_transport mail delivery transport.
+By default this is the Postfix \fBvirtual\fR(8) delivery agent. The SMTP
+server validates recipient addresses with $virtual_mailbox_maps
+and rejects mail for non\-existent recipients. See also the virtual
+mailbox domain class in the ADDRESS_CLASS_README file.
+.PP
+This parameter expects the same syntax as the mydestination
+configuration parameter.
+.PP
+This feature is available in Postfix 2.0 and later. The default
+value is backwards compatible with Postfix version 1.1.
+.SH virtual_mailbox_limit (default: 51200000)
+The maximal size in bytes of an individual \fBvirtual\fR(8) mailbox or
+maildir file, or zero (no limit).
+.PP
+This parameter is specific to the \fBvirtual\fR(8) delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program.
+.SH virtual_mailbox_lock (default: see "postconf \-d" output)
+How to lock a UNIX\-style \fBvirtual\fR(8) mailbox before attempting
+delivery. For a list of available file locking methods, use the
+"\fBpostconf \-l\fR" command.
+.PP
+This parameter is specific to the \fBvirtual\fR(8) delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program.
+.PP
+This setting is ignored with \fBmaildir\fR style delivery, because
+such deliveries are safe without application\-level locks.
+.PP
+Note 1: the \fBdotlock\fR method requires that the recipient UID
+or GID has write access to the parent directory of the recipient's
+mailbox file.
+.PP
+Note 2: the default setting of this parameter is system dependent.
+.SH virtual_mailbox_maps (default: empty)
+Optional lookup tables with all valid addresses in the domains that
+match $virtual_mailbox_domains.
+.PP
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+.PP
+In a lookup table, specify a left\-hand side of "@domain.tld" to
+match any user in the specified domain that does not have a specific
+"user@domain.tld" entry.
+.PP
+With the default "virtual_mailbox_domains = $virtual_mailbox_maps",
+lookup tables also need entries with a left\-hand side of "domain.tld"
+to satisfy virtual_mailbox_domain lookups (the right\-hand side is
+required but will not be used).
+.PP
+The remainder of this text is specific to the \fBvirtual\fR(8) delivery
+agent. It does not apply when mail is delivered with a different
+mail delivery program.
+.PP
+The \fBvirtual\fR(8) delivery agent uses this table to look up the
+per\-recipient mailbox or maildir pathname. If the lookup result
+ends in a slash ("/"), maildir\-style delivery is carried out,
+otherwise the path is assumed to specify a UNIX\-style mailbox file.
+Note that $virtual_mailbox_base is unconditionally prepended to
+this path.
+.PP
+When a recipient address has an optional address extension
+(user+foo@domain.tld), the \fBvirtual\fR(8) delivery agent looks up
+the full address first, and when the lookup fails, it looks up the
+unextended address (user@domain.tld).
+.PP
+Note 1: for security reasons, the \fBvirtual\fR(8) delivery agent disallows
+regular expression substitution of $1 etc. in regular expression
+lookup tables, because that would open a security hole.
+.PP
+Note 2: for security reasons, the \fBvirtual\fR(8) delivery agent will
+silently ignore requests to use the \fBproxymap\fR(8) server. Instead
+it will open the table directly. Before Postfix version 2.2, the
+\fBvirtual\fR(8) delivery agent will terminate with a fatal error.
+.SH virtual_maps (default: empty)
+Optional lookup tables with a) names of domains for which all
+addresses are aliased to addresses in other local or remote domains,
+and b) addresses that are aliased to addresses in other local or
+remote domains. Available before Postfix version 2.0. With Postfix
+version 2.0 and later, this is replaced by separate controls: virtual_alias_domains
+and virtual_alias_maps.
+.SH virtual_minimum_uid (default: 100)
+The minimum user ID value that the \fBvirtual\fR(8) delivery agent accepts
+as a result from $virtual_uid_maps table lookup. Returned
+values less than this will be rejected, and the message will be
+deferred.
+.PP
+This parameter is specific to the \fBvirtual\fR(8) delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program.
+.SH virtual_transport (default: virtual)
+The default mail delivery transport and next\-hop destination for
+final delivery to domains listed with $virtual_mailbox_domains.
+This information can be overruled with the \fBtransport\fR(5) table.
+.PP
+Specify a string of the form \fItransport:nexthop\fR, where \fItransport\fR
+is the name of a mail delivery transport defined in master.cf.
+The \fI:nexthop\fR destination is optional; its syntax is documented
+in the manual page of the corresponding delivery agent.
+.PP
+This feature is available in Postfix 2.0 and later.
+.SH virtual_uid_maps (default: empty)
+Lookup tables with the per\-recipient user ID that the \fBvirtual\fR(8)
+delivery agent uses while writing to the recipient's mailbox.
+.PP
+This parameter is specific to the \fBvirtual\fR(8) delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program.
+.PP
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+.PP
+In a lookup table, specify a left\-hand side of "@domain.tld"
+to match any user in the specified domain that does not have a
+specific "user@domain.tld" entry.
+.PP
+When a recipient address has an optional address extension
+(user+foo@domain.tld), the \fBvirtual\fR(8) delivery agent looks up
+the full address first, and when the lookup fails, it looks up the
+unextended address (user@domain.tld).
+.PP
+Note 1: for security reasons, the \fBvirtual\fR(8) delivery agent disallows
+regular expression substitution of $1 etc. in regular expression
+lookup tables, because that would open a security hole.
+.PP
+Note 2: for security reasons, the \fBvirtual\fR(8) delivery agent will
+silently ignore requests to use the \fBproxymap\fR(8) server. Instead
+it will open the table directly. Before Postfix version 2.2, the
+\fBvirtual\fR(8) delivery agent will terminate with a fatal error.
+.SH SEE ALSO
+.na
+.nf
+postconf(1), Postfix configuration parameter maintenance
+master(5), Postfix daemon configuration maintenance
+.SH LICENSE
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH AUTHOR(S)
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+.sp
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
+.sp
+Viktor Dukhovni
diff --git a/man/man5/postfix-wrapper.5 b/man/man5/postfix-wrapper.5
new file mode 100644
index 0000000..3f4ee9c
--- /dev/null
+++ b/man/man5/postfix-wrapper.5
@@ -0,0 +1,317 @@
+.TH POSTFIX-WRAPPER 5
+.ad
+.fi
+.SH NAME
+postfix-wrapper
+\-
+Postfix multi\-instance API
+.SH DESCRIPTION
+.ad
+.fi
+Support for managing multiple Postfix instances is available
+as of version 2.6. Instances share executable files and
+documentation, but have their own directories for configuration,
+queue and data files.
+
+This document describes how the familiar "postfix start"
+etc. user interface can be used to manage one or multiple
+Postfix instances, and gives details of an API to coordinate
+activities between the postfix(1) command and a multi\-instance
+manager program.
+
+With multi\-instance support, the default Postfix instance
+is always required. This instance is identified by the
+config_directory parameter's default value.
+.SH "GENERAL OPERATION"
+.na
+.nf
+.ad
+.fi
+Multi\-instance support is backwards compatible: when you
+run only one Postfix instance, commands such as "postfix
+start" will not change behavior at all.
+
+Even with multiple Postfix instances, you can keep using
+the same postfix commands in boot scripts, upgrade procedures,
+and other places. The commands do more work, but humans are
+not forced to learn new tricks.
+
+For example, to start all Postfix instances, use:
+.IP
+# postfix start
+.PP
+Other postfix(1) commands also work as expected. For example,
+to find out what Postfix instances exist in a multi\-instance
+configuration, use:
+.IP
+# postfix status
+.PP
+This enumerates the status of all Postfix instances within
+a multi\-instance configuration.
+.SH "MANAGING AN INDIVIDUAL POSTFIX INSTANCE"
+.na
+.nf
+.ad
+.fi
+To manage a specific Postfix instance, specify its configuration
+directory on the postfix(1) command line:
+.IP
+# postfix \-c \fI/path/to/config_directory command\fR
+.PP
+Alternatively, the postfix(1) command accepts the instance's
+configuration directory via the MAIL_CONFIG environment
+variable (the \-c command\-line option has higher precedence).
+
+Otherwise, the postfix(1) command will operate on all Postfix
+instances.
+.SH "ENABLING POSTFIX(1) MULTI-INSTANCE MODE"
+.na
+.nf
+.ad
+.fi
+By default, the postfix(1) command operates in single\-instance
+mode. In this mode the command invokes the postfix\-script
+file directly (currently installed in the daemon directory).
+This file contains the commands that start or stop one
+Postfix instance, that upgrade the configuration of one
+Postfix instance, and so on.
+
+When the postfix(1) command operates in multi\-instance mode
+as discussed below, the command needs to execute start,
+stop, etc. commands for each Postfix instance. This
+multiplication of commands is handled by a multi\-instance
+manager program.
+
+Turning on postfix(1) multi\-instance mode goes as follows:
+in the default Postfix instance's main.cf file, 1) specify
+the pathname of a multi\-instance manager program with the
+multi_instance_wrapper parameter; 2) populate the
+multi_instance_directories parameter with the configuration
+directory pathnames of additional Postfix instances. For
+example:
+.IP
+.nf
+/etc/postfix/main.cf:
+ multi_instance_wrapper = $daemon_directory/postfix\-wrapper
+ multi_instance_directories = /etc/postfix\-test
+.fi
+.PP
+The $daemon_directory/postfix\-wrapper file implements a
+simple manager and contains instructions for creating Postfix
+instances by hand. The postmulti(1) command provides a
+more extensive implementation including support for life\-cycle
+management.
+
+The multi_instance_directories and other main.cf parameters
+are listed below in the CONFIGURATION PARAMETERS section.
+
+In multi\-instance mode, the postfix(1) command invokes the
+$multi_instance_wrapper command instead of the postfix\-script
+file. This multi\-instance manager in turn executes the
+postfix(1) command in single\-instance mode for each Postfix
+instance.
+
+To illustrate the main ideas behind multi\-instance operation,
+below is an example of a simple but useful multi\-instance
+manager implementation:
+.IP
+.nf
+#!/bin/sh
+
+: ${command_directory?"do not invoke this command directly"}
+
+POSTCONF=$command_directory/postconf
+POSTFIX=$command_directory/postfix
+instance_dirs=\`$POSTCONF \-h multi_instance_directories |
+ sed 's/,/ /'\` || exit 1
+
+err=0
+for dir in $config_directory $instance_dirs
+do
+ case "$1" in
+ stop|abort|flush|reload|drain)
+ test "\`$POSTCONF \-c $dir \-h multi_instance_enable\`" \e
+ = yes || continue;;
+ start)
+ test "\`$POSTCONF \-c $dir \-h multi_instance_enable\`" \e
+ = yes || {
+ $POSTFIX \-c $dir check || err=$?
+ continue
+ };;
+ esac
+ $POSTFIX \-c $dir "$@" || err=$?
+done
+
+exit $err
+.fi
+.SH "PER-INSTANCE MULTI-INSTANCE MANAGER CONTROLS"
+.na
+.nf
+.ad
+.fi
+Each Postfix instance has its own main.cf file with parameters
+that control how the multi\-instance manager operates on
+that instance. This section discusses the most important
+settings.
+
+The setting "multi_instance_enable = yes" allows the
+multi\-instance manager to start (stop, etc.) the corresponding
+Postfix instance. For safety reasons, this setting is not
+the default.
+
+The default setting "multi_instance_enable = no" is useful
+for manual testing with "postfix \-c \fI/path/name\fR start"
+etc. The multi\-instance manager will not start such an
+instance, and it will skip commands such as "stop" or "flush"
+that require a running Postfix instance. The multi\-instance
+manager will execute commands such as "check", "set\-permissions"
+or "upgrade\-configuration", and it will replace "start" by
+"check" so that problems will be reported even when the
+instance is disabled.
+.SH "MAINTAINING SHARED AND NON-SHARED FILES"
+.na
+.nf
+.ad
+.fi
+Some files are shared between Postfix instances, such as
+executables and manpages, and some files are per\-instance,
+such as configuration files, mail queue files, and data
+files. See the NON\-SHARED FILES section below for a list
+of per\-instance files.
+
+Before Postfix multi\-instance support was implemented, the
+executables, manpages, etc., have always been maintained
+as part of the default Postfix instance.
+
+With multi\-instance support, we simply continue to do this.
+Specifically, a Postfix instance will not check or update
+shared files when that instance's config_directory value is
+listed with the default main.cf file's multi_instance_directories
+parameter.
+
+The consequence of this approach is that the default Postfix
+instance should be checked and updated before any other
+instances.
+.SH "MULTI-INSTANCE API SUMMARY"
+.na
+.nf
+.ad
+.fi
+Only the multi\-instance manager implements support for the
+multi_instance_enable configuration parameter. The
+multi\-instance manager will start only Postfix instances
+whose main.cf file has "multi_instance_enable = yes". A
+setting of "no" allows a Postfix instance to be tested by
+hand.
+
+The postfix(1) command operates on only one Postfix instance
+when the \-c option is specified, or when MAIL_CONFIG is
+present in the process environment. This is necessary to
+terminate recursion.
+
+Otherwise, when the multi_instance_directories parameter
+value is non\-empty, the postfix(1) command executes the
+command specified with the multi_instance_wrapper parameter,
+instead of executing the commands in postfix\-script.
+
+The multi\-instance manager skips commands such as "stop"
+or "reload" that require a running Postfix instance, when
+an instance does not have "multi_instance_enable = yes".
+This avoids false error messages.
+
+The multi\-instance manager replaces a "start" command by
+"check" when a Postfix instance's main.cf file does not
+have "multi_instance_enable = yes". This substitution ensures
+that problems will be reported even when the instance is
+disabled.
+
+No Postfix command or script will update or check shared
+files when its config_directory value is listed in the
+default main.cf's multi_instance_directories parameter
+value. Therefore, the default instance should be checked
+and updated before any Postfix instances that depend on it.
+
+Set\-gid commands such as postdrop(1) and postqueue(1)
+effectively append the multi_instance_directories parameter
+value to the legacy alternate_config_directories parameter
+value. The commands use this information to determine whether
+a \-c option or MAIL_CONFIG environment setting specifies a
+legitimate value.
+
+The legacy alternate_config_directories parameter remains
+necessary for non\-default Postfix instances that are running
+different versions of Postfix, or that are not managed
+together with the default Postfix instance.
+.SH "ENVIRONMENT VARIABLES"
+.na
+.nf
+.ad
+.fi
+.IP MAIL_CONFIG
+When present, this forces the postfix(1) command to operate
+only on the specified Postfix instance. This environment
+variable is exported by the postfix(1) \-c option, so that
+postfix(1) commands in descendant processes will work
+correctly.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+The text below provides only a parameter summary. See
+postconf(5) for more details.
+.IP "\fBmulti_instance_directories (empty)\fR"
+An optional list of non\-default Postfix configuration directories;
+these directories belong to additional Postfix instances that share
+the Postfix executable files and documentation with the default
+Postfix instance, and that are started, stopped, etc., together
+with the default Postfix instance.
+.IP "\fBmulti_instance_wrapper (empty)\fR"
+The pathname of a multi\-instance manager command that the
+\fBpostfix\fR(1) command invokes when the multi_instance_directories
+parameter value is non\-empty.
+.IP "\fBmulti_instance_name (empty)\fR"
+The optional instance name of this Postfix instance.
+.IP "\fBmulti_instance_group (empty)\fR"
+The optional instance group name of this Postfix instance.
+.IP "\fBmulti_instance_enable (no)\fR"
+Allow this Postfix instance to be started, stopped, etc., by a
+multi\-instance manager.
+.SH "NON-SHARED FILES"
+.na
+.nf
+.ad
+.fi
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdata_directory (see 'postconf -d' output)\fR"
+The directory with Postfix\-writable data files (for example:
+caches, pseudo\-random numbers).
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.SH "SEE ALSO"
+.na
+.nf
+postfix(1) Postfix control program
+postmulti(1) full\-blown multi\-instance manager
+$daemon_directory/postfix\-wrapper simple multi\-instance manager
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this
+software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man5/regexp_table.5 b/man/man5/regexp_table.5
new file mode 100644
index 0000000..9eeefe4
--- /dev/null
+++ b/man/man5/regexp_table.5
@@ -0,0 +1,236 @@
+.TH REGEXP_TABLE 5
+.ad
+.fi
+.SH NAME
+regexp_table
+\-
+format of Postfix regular expression tables
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostmap \-q "\fIstring\fB" regexp:/etc/postfix/\fIfilename\fR
+
+\fBpostmap \-q \- regexp:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix mail system uses optional tables for address
+rewriting, mail routing, or access control. These tables
+are usually in \fBdbm\fR or \fBdb\fR format.
+
+Alternatively, lookup tables can be specified in POSIX regular
+expression form. In this case, each input is compared against a
+list of patterns. When a match is found, the corresponding
+result is returned and the search is terminated.
+
+To find out what types of lookup tables your Postfix system
+supports use the "\fBpostconf \-m\fR" command.
+
+To test lookup tables, use the "\fBpostmap \-q\fR" command
+as described in the SYNOPSIS above. Use "\fBpostmap \-hmq
+\-\fR <\fIfile\fR" for header_checks(5) patterns, and
+"\fBpostmap \-bmq \-\fR <\fIfile\fR" for body_checks(5)
+(Postfix 2.6 and later).
+.SH "COMPATIBILITY"
+.na
+.nf
+.ad
+.fi
+With Postfix version 2.2 and earlier specify "\fBpostmap
+\-fq\fR" to query a table that contains case sensitive
+patterns. Patterns are case insensitive by default.
+.SH "TABLE FORMAT"
+.na
+.nf
+.ad
+.fi
+The general form of a Postfix regular expression table is:
+.IP "\fB/\fIpattern\fB/\fIflags result\fR"
+When \fIpattern\fR matches the input string,
+use the corresponding \fIresult\fR value.
+.IP "\fB!/\fIpattern\fB/\fIflags result\fR"
+When \fIpattern\fR does \fBnot\fR match the input string,
+use the corresponding \fIresult\fR value.
+.IP "\fBif /\fIpattern\fB/\fIflags\fR"
+.IP "\fBendif\fR"
+If the input string matches /\fIpattern\fR/, then match that
+input string against the patterns between \fBif\fR and
+\fBendif\fR. The \fBif\fR..\fBendif\fR can nest.
+.sp
+Note: do not prepend whitespace to patterns inside
+\fBif\fR..\fBendif\fR.
+.sp
+This feature is available in Postfix 2.1 and later.
+.IP "\fBif !/\fIpattern\fB/\fIflags\fR"
+.IP "\fBendif\fR"
+If the input string does not match /\fIpattern\fR/, then
+match that input string against the patterns between \fBif\fR
+and \fBendif\fR. The \fBif\fR..\fBendif\fR can nest.
+.sp
+Note: do not prepend whitespace to patterns inside
+\fBif\fR..\fBendif\fR.
+.sp
+This feature is available in Postfix 2.1 and later.
+.IP "blank lines and comments"
+Empty lines and whitespace\-only lines are ignored, as
+are lines whose first non\-whitespace character is a `#'.
+.IP "multi\-line text"
+A logical line starts with non\-whitespace text. A line that
+starts with whitespace continues a logical line.
+.PP
+Each pattern is a POSIX regular expression enclosed by a pair of
+delimiters. The regular expression syntax is documented in
+\fBre_format\fR(7) with 4.4BSD, in \fBregex\fR(5) with Solaris, and in
+\fBregex\fR(7) with Linux. Other systems may use other document names.
+
+The expression delimiter can be any non\-alphanumerical
+character, except whitespace
+or characters that have special meaning (traditionally the forward
+slash is used). The regular expression can contain whitespace.
+
+By default, matching is case\-insensitive, and newlines are not
+treated as special characters. The behavior is controlled by flags,
+which are toggled by appending one or more of the following
+characters after the pattern:
+.IP "\fBi\fR (default: on)"
+Toggles the case sensitivity flag. By default, matching is case
+insensitive.
+.IP "\fBm\fR (default: off)"
+Toggle the multi\-line mode flag. When this flag is on, the \fB^\fR
+and \fB$\fR metacharacters match immediately after and immediately
+before a newline character, respectively, in addition to
+matching at the start and end of the input string.
+.IP "\fBx\fR (default: on)"
+Toggles the extended expression syntax flag. By default, support
+for extended expression syntax is enabled.
+.SH "TABLE SEARCH ORDER"
+.na
+.nf
+.ad
+.fi
+Patterns are applied in the order as specified in the table, until a
+pattern is found that matches the input string.
+
+Each pattern is applied to the entire input string.
+Depending on the application, that string is an entire client
+hostname, an entire client IP address, or an entire mail address.
+Thus, no parent domain or parent network search is done, and
+\fIuser@domain\fR mail addresses are not broken up into their
+\fIuser\fR and \fIdomain\fR constituent parts, nor is \fIuser+foo\fR
+broken up into \fIuser\fR and \fIfoo\fR.
+.SH "TEXT SUBSTITUTION"
+.na
+.nf
+.ad
+.fi
+Substitution of substrings (text that matches patterns
+inside "()") from the matched expression into the result
+string is requested with $1, $2, etc.; specify $$ to produce
+a $ character as output.
+The macros in the result string may need to be written as
+${n} or $(n) if they aren't followed by whitespace.
+
+Note: since negated patterns (those preceded by \fB!\fR) return a
+result when the expression does not match, substitutions are not
+available for negated patterns.
+.SH "INLINE SPECIFICATION"
+.na
+.nf
+.ad
+.fi
+The contents of a table may be specified in the table name
+(Postfix 3.7 and later).
+The basic syntax is:
+
+.nf
+main.cf:
+ \fIparameter\fR \fB= .. regexp:{ { \fIrule\-1\fB }, { \fIrule\-2\fB } .. } ..\fR
+
+master.cf:
+ \fB.. \-o { \fIparameter\fR \fB= .. regexp:{ { \fIrule\-1\fB }, { \fIrule\-2\fB } .. } .. } ..\fR
+.fi
+
+Postfix ignores whitespace after '{' and before '}', and
+writes each \fIrule\fR as one text line to an in\-memory
+file:
+
+.nf
+in\-memory file:
+ rule\-1
+ rule\-2
+ ..
+.fi
+
+Postfix parses the result as if it is a file in /etc/postfix.
+
+Note: if a rule contains \fB$\fR, specify \fB$$\fR to keep
+Postfix from trying to do \fI$name\fR expansion as it
+evaluates a parameter value.
+.SH "EXAMPLE SMTPD ACCESS MAP"
+.na
+.nf
+# Disallow sender\-specified routing. This is a must if you relay mail
+# for other domains.
+/[%!@].*[%!@]/ 550 Sender\-specified routing rejected
+
+# Postmaster is OK, that way they can talk to us about how to fix
+# their problem.
+/^postmaster@/ OK
+
+# Protect your outgoing majordomo exploders
+if !/^owner\-/
+/^(.*)\-outgoing@(.*)$/ 550 Use ${1}@${2} instead
+endif
+.SH "EXAMPLE HEADER FILTER MAP"
+.na
+.nf
+# These were once common in junk mail.
+/^Subject: make money fast/ REJECT
+/^To: friend@public\\.com/ REJECT
+.SH "EXAMPLE BODY FILTER MAP"
+.na
+.nf
+# First skip over base 64 encoded text to save CPU cycles.
+~^[[:alnum:]+/]{60,}$~ OK
+
+# Put your own body patterns here.
+.SH "SEE ALSO"
+.na
+.nf
+postmap(1), Postfix lookup table manager
+pcre_table(5), format of PCRE tables
+cidr_table(5), format of CIDR tables
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+DATABASE_README, Postfix lookup table overview
+.SH "AUTHOR(S)"
+.na
+.nf
+The regexp table lookup code was originally written by:
+LaMont Jones
+lamont@hp.com
+
+That code was based on the PCRE dictionary contributed by:
+Andrew McNamara
+andrewm@connect.com.au
+connect.com.au Pty. Ltd.
+Level 3, 213 Miller St
+North Sydney, NSW, Australia
+
+Adopted and adapted by:
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man5/relocated.5 b/man/man5/relocated.5
new file mode 100644
index 0000000..fbc85a3
--- /dev/null
+++ b/man/man5/relocated.5
@@ -0,0 +1,195 @@
+.TH RELOCATED 5
+.ad
+.fi
+.SH NAME
+relocated
+\-
+Postfix relocated table format
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostmap /etc/postfix/relocated\fR
+.SH DESCRIPTION
+.ad
+.fi
+The optional \fBrelocated\fR(5) table provides the information that is
+used in "user has moved to \fInew_location\fR" bounce messages.
+
+Normally, the \fBrelocated\fR(5) table is specified as a text file
+that serves as input to the \fBpostmap\fR(1) command.
+The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
+is used for fast searching by the mail system. Execute the command
+"\fBpostmap /etc/postfix/relocated\fR" to rebuild an indexed
+file after changing the corresponding relocated table.
+
+When the table is provided via other means such as NIS, LDAP
+or SQL, the same lookups are done as for ordinary indexed files.
+
+Alternatively, the table can be provided as a regular\-expression
+map where patterns are given as regular expressions, or lookups
+can be directed to a TCP\-based server. In those case, the lookups
+are done in a slightly different way as described below under
+"REGULAR EXPRESSION TABLES" or "TCP\-BASED TABLES".
+
+Table lookups are case insensitive.
+.SH "CASE FOLDING"
+.na
+.nf
+.ad
+.fi
+The search string is folded to lowercase before database
+lookup. As of Postfix 2.3, the search string is not case
+folded with database types such as regexp: or pcre: whose
+lookup fields can match both upper and lower case.
+.SH "TABLE FORMAT"
+.na
+.nf
+.ad
+.fi
+The input format for the \fBpostmap\fR(1) command is as follows:
+.IP \(bu
+An entry has one of the following form:
+
+.nf
+ \fIpattern new_location\fR
+.fi
+
+Where \fInew_location\fR specifies contact information such as
+an email address, or perhaps a street address or telephone number.
+.IP \(bu
+Empty lines and whitespace\-only lines are ignored, as
+are lines whose first non\-whitespace character is a `#'.
+.IP \(bu
+A logical line starts with non\-whitespace text. A line that
+starts with whitespace continues a logical line.
+.SH "TABLE SEARCH ORDER"
+.na
+.nf
+.ad
+.fi
+With lookups from indexed files such as DB or DBM, or from networked
+tables such as NIS, LDAP or SQL, patterns are tried in the order as
+listed below:
+.IP \fIuser\fR@\fIdomain\fR
+Matches \fIuser\fR@\fIdomain\fR. This form has precedence over all
+other forms.
+.IP \fIuser\fR
+Matches \fIuser\fR@\fIsite\fR when \fIsite\fR is $\fBmyorigin\fR,
+when \fIsite\fR is listed in $\fBmydestination\fR, or when \fIsite\fR
+is listed in $\fBinet_interfaces\fR or $\fBproxy_interfaces\fR.
+.IP @\fIdomain\fR
+Matches other addresses in \fIdomain\fR. This form has the lowest
+precedence.
+.SH "ADDRESS EXTENSION"
+.na
+.nf
+.fi
+.ad
+When a mail address localpart contains the optional recipient delimiter
+(e.g., \fIuser+foo\fR@\fIdomain\fR), the lookup order becomes:
+\fIuser+foo\fR@\fIdomain\fR, \fIuser\fR@\fIdomain\fR, \fIuser+foo\fR,
+\fIuser\fR, and @\fIdomain\fR.
+.SH "REGULAR EXPRESSION TABLES"
+.na
+.nf
+.ad
+.fi
+This section describes how the table lookups change when the table
+is given in the form of regular expressions or when lookups are
+directed to a TCP\-based server. For a description of regular
+expression lookup table syntax, see \fBregexp_table\fR(5) or
+\fBpcre_table\fR(5). For a description of the TCP client/server
+table lookup protocol, see \fBtcp_table\fR(5).
+This feature is available in Postfix 2.5 and later.
+
+Each pattern is a regular expression that is applied to the entire
+address being looked up. Thus, \fIuser@domain\fR mail addresses are not
+broken up into their \fIuser\fR and \fI@domain\fR constituent parts,
+nor is \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR.
+
+Patterns are applied in the order as specified in the table, until a
+pattern is found that matches the search string.
+
+Results are the same as with indexed file lookups, with
+the additional feature that parenthesized substrings from the
+pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
+.SH "TCP-BASED TABLES"
+.na
+.nf
+.ad
+.fi
+This section describes how the table lookups change when lookups
+are directed to a TCP\-based server. For a description of the TCP
+client/server lookup protocol, see \fBtcp_table\fR(5).
+This feature is available in Postfix 2.5 and later.
+
+Each lookup operation uses the entire address once. Thus,
+\fIuser@domain\fR mail addresses are not broken up into their
+\fIuser\fR and \fI@domain\fR constituent parts, nor is
+\fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR.
+
+Results are the same as with indexed file lookups.
+.SH BUGS
+.ad
+.fi
+The table format does not understand quoting conventions.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+The following \fBmain.cf\fR parameters are especially relevant.
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.IP "\fBrelocated_maps (empty)\fR"
+Optional lookup tables with new contact information for users or
+domains that no longer exist.
+.PP
+Other parameters of interest:
+.IP "\fBinet_interfaces (all)\fR"
+The network interface addresses that this mail system receives
+mail on.
+.IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR"
+The list of domains that are delivered via the $local_transport
+mail delivery transport.
+.IP "\fBmyorigin ($myhostname)\fR"
+The domain name that locally\-posted mail appears to come
+from, and that locally posted mail is delivered to.
+.IP "\fBproxy_interfaces (empty)\fR"
+The network interface addresses that this mail system receives mail
+on by way of a proxy or network address translation unit.
+.SH "SEE ALSO"
+.na
+.nf
+trivial\-rewrite(8), address resolver
+postmap(1), Postfix lookup table manager
+postconf(5), configuration parameters
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+DATABASE_README, Postfix lookup table overview
+ADDRESS_REWRITING_README, address rewriting guide
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man5/socketmap_table.5 b/man/man5/socketmap_table.5
new file mode 100644
index 0000000..c53db3d
--- /dev/null
+++ b/man/man5/socketmap_table.5
@@ -0,0 +1,120 @@
+.TH SOCKETMAP_TABLE 5
+.ad
+.fi
+.SH NAME
+socketmap_table
+\-
+Postfix socketmap table lookup client
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostmap \-q "\fIstring\fB" socketmap:inet:\fIhost\fB:\fIport\fB:\fIname\fR
+.br
+\fBpostmap \-q "\fIstring\fB" socketmap:unix:\fIpathname\fB:\fIname\fR
+
+\fBpostmap \-q \- socketmap:inet:\fIhost\fB:\fIport\fB:\fIname\fB <\fIinputfile\fR
+.br
+\fBpostmap \-q \- socketmap:unix:\fIpathname\fB:\fIname\fB <\fIinputfile\fR
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix mail system uses optional tables for address
+rewriting. mail routing or policy lookup.
+
+The Postfix socketmap client expects TCP endpoint names of
+the form \fBinet:\fIhost\fB:\fIport\fB:\fIname\fR, or
+UNIX\-domain endpoints of the form \fBunix:\fIpathname\fB:\fIname\fR.
+In both cases, \fIname\fR specifies the name field in a
+socketmap client request (see "REQUEST FORMAT" below).
+.SH "PROTOCOL"
+.na
+.nf
+.ad
+.fi
+Socketmaps use a simple protocol: the client sends one
+request, and the server sends one reply. Each request and
+each reply are sent as one netstring object.
+.SH "REQUEST FORMAT"
+.na
+.nf
+.ad
+.fi
+The socketmap protocol supports only the lookup request.
+The request has the following form:
+
+.IP "\fB\fIname\fB <space> \fIkey\fR"
+Search the named socketmap for the specified key.
+.PP
+Postfix will not generate partial search keys such as domain
+names without one or more subdomains, network addresses
+without one or more least\-significant octets, or email
+addresses without the localpart, address extension or domain
+portion. This behavior is also found with cidr:, pcre:, and
+regexp: tables.
+.SH "REPLY FORMAT"
+.na
+.nf
+.ad
+.fi
+The Postfix socketmap client requires that replies are not
+longer than 100000 characters (not including the netstring
+encapsulation). Replies must have the following form:
+.IP "\fBOK <space> \fIdata\fR"
+The requested data was found.
+.IP "\fBNOTFOUND <space>"
+The requested data was not found.
+.IP "\fBTEMP <space> \fIreason\fR"
+.IP "\fBTIMEOUT <space> \fIreason\fR"
+.IP "\fBPERM <space> \fIreason\fR"
+The request failed. The reason, if non\-empty, is descriptive
+text.
+.SH "SECURITY"
+.na
+.nf
+This map cannot be used for security\-sensitive information,
+because neither the connection nor the server are authenticated.
+.SH "SEE ALSO"
+.na
+.nf
+http://cr.yp.to/proto/netstrings.txt, netstring definition
+postconf(1), Postfix supported lookup tables
+postmap(1), Postfix lookup table manager
+regexp_table(5), format of regular expression tables
+pcre_table(5), format of PCRE tables
+cidr_table(5), format of CIDR tables
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+DATABASE_README, Postfix lookup table overview
+.SH BUGS
+.ad
+.fi
+The protocol limits are not yet configurable.
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+Socketmap support was introduced with Postfix version 2.10.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man5/sqlite_table.5 b/man/man5/sqlite_table.5
new file mode 100644
index 0000000..c065597
--- /dev/null
+++ b/man/man5/sqlite_table.5
@@ -0,0 +1,284 @@
+.TH SQLITE_TABLE 5
+.ad
+.fi
+.SH NAME
+sqlite_table
+\-
+Postfix SQLite configuration
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostmap \-q "\fIstring\fB" sqlite:/etc/postfix/\fIfilename\fR
+
+\fBpostmap \-q \- sqlite:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix mail system uses optional tables for address
+rewriting or mail routing. These tables are usually in
+\fBdbm\fR or \fBdb\fR format.
+
+Alternatively, lookup tables can be specified as SQLite databases.
+In order to use SQLite lookups, define an SQLite source as a lookup
+table in main.cf, for example:
+.nf
+ alias_maps = sqlite:/etc/postfix/sqlite\-aliases.cf
+.fi
+
+The file /etc/postfix/sqlite\-aliases.cf has the same format as
+the Postfix main.cf file, and can specify the parameters
+described below.
+.SH "LIST MEMBERSHIP"
+.na
+.nf
+.ad
+.fi
+When using SQL to store lists such as $mynetworks,
+$mydestination, $relay_domains, $local_recipient_maps,
+etc., it is important to understand that the table must
+store each list member as a separate key. The table lookup
+verifies the *existence* of the key. See "Postfix lists
+versus tables" in the DATABASE_README document for a
+discussion.
+
+Do NOT create tables that return the full list of domains
+in $mydestination or $relay_domains etc., or IP addresses
+in $mynetworks.
+
+DO create tables with each matching item as a key and with
+an arbitrary value. With SQL databases it is not uncommon to
+return the key itself or a constant value.
+.SH "SQLITE PARAMETERS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBdbpath\fR"
+The SQLite database file location. Example:
+.nf
+ dbpath = customer_database
+.fi
+.IP "\fBquery\fR"
+The SQL query template used to search the database, where \fB%s\fR
+is a substitute for the address Postfix is trying to resolve,
+e.g.
+.nf
+ query = SELECT replacement FROM aliases WHERE mailbox = '%s'
+.fi
+
+This parameter supports the following '%' expansions:
+.RS
+.IP "\fB%%\fR"
+This is replaced by a literal '%' character.
+.IP "\fB%s\fR"
+This is replaced by the input key.
+SQL quoting is used to make sure that the input key does not
+add unexpected metacharacters.
+.IP "\fB%u\fR"
+When the input key is an address of the form user@domain, \fB%u\fR
+is replaced by the SQL quoted local part of the address.
+Otherwise, \fB%u\fR is replaced by the entire search string.
+If the localpart is empty, the query is suppressed and returns
+no results.
+.IP "\fB%d\fR"
+When the input key is an address of the form user@domain, \fB%d\fR
+is replaced by the SQL quoted domain part of the address.
+Otherwise, the query is suppressed and returns no results.
+.IP "\fB%[SUD]\fR"
+The upper\-case equivalents of the above expansions behave in the
+\fBquery\fR parameter identically to their lower\-case counter\-parts.
+With the \fBresult_format\fR parameter (see below), they expand the
+input key rather than the result value.
+.IP "\fB%[1\-9]\fR"
+The patterns %1, %2, ... %9 are replaced by the corresponding
+most significant component of the input key's domain. If the
+input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR,
+%2 is \fBexample\fR and %3 is \fBmail\fR. If the input key is
+unqualified or does not have enough domain components to satisfy
+all the specified patterns, the query is suppressed and returns
+no results.
+.RE
+.IP
+The \fBdomain\fR parameter described below limits the input
+keys to addresses in matching domains. When the \fBdomain\fR
+parameter is non\-empty, SQL queries for unqualified addresses
+or addresses in non\-matching domains are suppressed
+and return no results.
+
+This parameter is available with Postfix 2.2. In prior releases
+the SQL query was built from the separate parameters:
+\fBselect_field\fR, \fBtable\fR, \fBwhere_field\fR and
+\fBadditional_conditions\fR. The mapping from the old parameters
+to the equivalent query is:
+
+.nf
+ SELECT [\fBselect_field\fR]
+ FROM [\fBtable\fR]
+ WHERE [\fBwhere_field\fR] = '%s'
+ [\fBadditional_conditions\fR]
+.fi
+
+The '%s' in the \fBWHERE\fR clause expands to the escaped search string.
+With Postfix 2.2 these legacy parameters are used if the \fBquery\fR
+parameter is not specified.
+
+NOTE: DO NOT put quotes around the query parameter.
+.IP "\fBresult_format (default: \fB%s\fR)\fR"
+Format template applied to result attributes. Most commonly used
+to append (or prepend) text to the result. This parameter supports
+the following '%' expansions:
+.RS
+.IP "\fB%%\fR"
+This is replaced by a literal '%' character.
+.IP "\fB%s\fR"
+This is replaced by the value of the result attribute. When
+result is empty it is skipped.
+.IP "\fB%u\fR
+When the result attribute value is an address of the form
+user@domain, \fB%u\fR is replaced by the local part of the
+address. When the result has an empty localpart it is skipped.
+.IP "\fB%d\fR"
+When a result attribute value is an address of the form
+user@domain, \fB%d\fR is replaced by the domain part of
+the attribute value. When the result is unqualified it
+is skipped.
+.IP "\fB%[SUD1\-9]\fR"
+The upper\-case and decimal digit expansions interpolate
+the parts of the input key rather than the result. Their
+behavior is identical to that described with \fBquery\fR,
+and in fact because the input key is known in advance, queries
+whose key does not contain all the information specified in
+the result template are suppressed and return no results.
+.RE
+.IP
+For example, using "result_format = smtp:[%s]" allows one
+to use a mailHost attribute as the basis of a transport(5)
+table. After applying the result format, multiple values
+are concatenated as comma separated strings. The expansion_limit
+and parameter explained below allows one to restrict the number
+of values in the result, which is especially useful for maps that
+must return at most one value.
+
+The default value \fB%s\fR specifies that each result value should
+be used as is.
+
+This parameter is available with Postfix 2.2 and later.
+
+NOTE: DO NOT put quotes around the result format!
+.IP "\fBdomain (default: no domain list)\fR"
+This is a list of domain names, paths to files, or "type:table"
+databases. When specified, only fully qualified search
+keys with a *non\-empty* localpart and a matching domain
+are eligible for lookup: 'user' lookups, bare domain lookups
+and "@domain" lookups are not performed. This can significantly
+reduce the query load on the SQLite server.
+.nf
+ domain = postfix.org, hash:/etc/postfix/searchdomains
+.fi
+
+It is best not to use SQL to store the domains eligible
+for SQL lookups.
+
+This parameter is available with Postfix 2.2 and later.
+
+NOTE: DO NOT define this parameter for local(8) aliases,
+because the input keys are always unqualified.
+.IP "\fBexpansion_limit (default: 0)\fR"
+A limit on the total number of result elements returned
+(as a comma separated list) by a lookup against the map.
+A setting of zero disables the limit. Lookups fail with a
+temporary error if the limit is exceeded. Setting the
+limit to 1 ensures that lookups do not return multiple
+values.
+.SH "OBSOLETE MAIN.CF PARAMETERS"
+.na
+.nf
+.ad
+.fi
+For compatibility with other Postfix lookup tables, SQLite
+parameters can also be defined in main.cf. In order to do that,
+specify as SQLite source a name that doesn't begin with a slash
+or a dot. The SQLite parameters will then be accessible as the
+name you've given the source in its definition, an underscore,
+and the name of the parameter. For example, if the map is
+specified as "sqlite:\fIsqlitename\fR", the parameter "query"
+would be defined in main.cf as "\fIsqlitename\fR_query".
+.SH "OBSOLETE QUERY INTERFACE"
+.na
+.nf
+.ad
+.fi
+This section describes an interface that is deprecated as
+of Postfix 2.2. It is replaced by the more general \fBquery\fR
+interface described above. If the \fBquery\fR parameter
+is defined, the legacy parameters described here ignored.
+Please migrate to the new interface as the legacy interface
+may be removed in a future release.
+
+The following parameters can be used to fill in a
+SELECT template statement of the form:
+
+.nf
+ SELECT [\fBselect_field\fR]
+ FROM [\fBtable\fR]
+ WHERE [\fBwhere_field\fR] = '%s'
+ [\fBadditional_conditions\fR]
+.fi
+
+The specifier %s is replaced by the search string, and is
+escaped so if it contains single quotes or other odd characters,
+it will not cause a parse error, or worse, a security problem.
+.IP "\fBselect_field\fR"
+The SQL "select" parameter. Example:
+.nf
+ \fBselect_field\fR = forw_addr
+.fi
+.IP "\fBtable\fR"
+The SQL "select .. from" table name. Example:
+.nf
+ \fBtable\fR = mxaliases
+.fi
+.IP "\fBwhere_field\fR
+The SQL "select .. where" parameter. Example:
+.nf
+ \fBwhere_field\fR = alias
+.fi
+.IP "\fBadditional_conditions\fR
+Additional conditions to the SQL query. Example:
+.nf
+ \fBadditional_conditions\fR = AND status = 'paid'
+.fi
+.SH "SEE ALSO"
+.na
+.nf
+postmap(1), Postfix lookup table maintenance
+postconf(5), configuration parameters
+ldap_table(5), LDAP lookup tables
+mysql_table(5), MySQL lookup tables
+pgsql_table(5), PostgreSQL lookup tables
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+DATABASE_README, Postfix lookup table overview
+SQLITE_README, Postfix SQLITE howto
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+SQLite support was introduced with Postfix version 2.8.
+.SH "AUTHOR(S)"
+.na
+.nf
+Original implementation by:
+Axel Steiner
diff --git a/man/man5/tcp_table.5 b/man/man5/tcp_table.5
new file mode 100644
index 0000000..02a7989
--- /dev/null
+++ b/man/man5/tcp_table.5
@@ -0,0 +1,133 @@
+.TH TCP_TABLE 5
+.ad
+.fi
+.SH NAME
+tcp_table
+\-
+Postfix client/server table lookup protocol
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostmap \-q "\fIstring\fB" tcp:\fIhost:port\fR
+
+\fBpostmap \-q \- tcp:\fIhost:port\fB <\fIinputfile\fR
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix mail system uses optional tables for address
+rewriting or mail routing. These tables are usually in
+\fBdbm\fR or \fBdb\fR format. Alternatively, table lookups
+can be directed to a TCP server.
+
+To find out what types of lookup tables your Postfix system
+supports use the "\fBpostconf \-m\fR" command.
+
+To test lookup tables, use the "\fBpostmap \-q\fR" command as
+described in the SYNOPSIS above.
+.SH "PROTOCOL DESCRIPTION"
+.na
+.nf
+.ad
+.fi
+The TCP map class implements a very simple protocol: the client
+sends a request, and the server sends one reply. Requests and
+replies are sent as one line of ASCII text, terminated by the
+ASCII newline character. Request and reply parameters (see below)
+are separated by whitespace.
+
+Send and receive operations must complete in 100 seconds.
+.SH "REQUEST FORMAT"
+.na
+.nf
+.ad
+.fi
+The tcp_table protocol supports only the lookup request.
+The request has the following form:
+.IP "\fBget\fR SPACE \fIkey\fR NEWLINE"
+Look up data under the specified key.
+.PP
+Postfix will not generate partial search keys such as domain
+names without one or more subdomains, network addresses
+without one or more least\-significant octets, or email
+addresses without the localpart, address extension or domain
+portion. This behavior is also found with cidr:, pcre:, and
+regexp: tables.
+.SH "REPLY FORMAT"
+.na
+.nf
+.ad
+.fi
+Each reply specifies a status code and text. Replies must be no
+longer than 4096 characters including the newline terminator.
+.IP "\fB500\fR SPACE \fItext\fR NEWLINE"
+In case of a lookup request, the requested data does not exist.
+The text describes the nature of the problem.
+.IP "\fB400\fR SPACE \fItext\fR NEWLINE"
+This indicates an error condition. The text describes the nature of
+the problem. The client should retry the request later.
+.IP "\fB200\fR SPACE \fItext\fR NEWLINE"
+The request was successful. In the case of a lookup request,
+the text contains an encoded version of the requested data.
+.SH "ENCODING"
+.na
+.nf
+.ad
+.fi
+In request and reply parameters, the character %, each non\-printing
+character, and each whitespace character must be replaced by %XX,
+where XX is the corresponding ASCII hexadecimal character value. The
+hexadecimal codes can be specified in any case (upper, lower, mixed).
+
+The Postfix client always encodes a request.
+The server may omit the encoding as long as the reply
+is guaranteed to not contain the % or NEWLINE character.
+.SH "SECURITY"
+.na
+.nf
+.ad
+.fi
+Do not use TCP lookup tables for security critical purposes.
+The client\-server connection is not protected and the server
+is not authenticated.
+.SH BUGS
+.ad
+.fi
+Only the lookup method is currently implemented.
+
+The client does not hang up when the connection is idle for
+a long time.
+.SH "SEE ALSO"
+.na
+.nf
+postmap(1), Postfix lookup table manager
+regexp_table(5), format of regular expression tables
+pcre_table(5), format of PCRE tables
+cidr_table(5), format of CIDR tables
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+DATABASE_README, Postfix lookup table overview
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man5/transport.5 b/man/man5/transport.5
new file mode 100644
index 0000000..223b958
--- /dev/null
+++ b/man/man5/transport.5
@@ -0,0 +1,335 @@
+.TH TRANSPORT 5
+.ad
+.fi
+.SH NAME
+transport
+\-
+Postfix transport table format
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostmap /etc/postfix/transport\fR
+
+\fBpostmap \-q "\fIstring\fB" /etc/postfix/transport\fR
+
+\fBpostmap \-q \- /etc/postfix/transport <\fIinputfile\fR
+.SH DESCRIPTION
+.ad
+.fi
+The optional \fBtransport\fR(5) table specifies a mapping from email
+addresses to message delivery transports and next\-hop destinations.
+Message delivery transports such as \fBlocal\fR or \fBsmtp\fR
+are defined in the \fBmaster.cf\fR file, and next\-hop
+destinations are typically hosts or domain names. The
+table is searched by the \fBtrivial\-rewrite\fR(8) daemon.
+
+This mapping overrides the default \fItransport\fR:\fInexthop\fR
+selection that is built into Postfix:
+.IP "\fBlocal_transport (default: local:$myhostname)\fR"
+This is the default for final delivery to domains listed
+with \fBmydestination\fR, and for [\fIipaddress\fR]
+destinations that match \fB$inet_interfaces\fR or
+\fB$proxy_interfaces\fR. The default \fInexthop\fR destination
+is the MTA hostname.
+.IP "\fBvirtual_transport (default: virtual:)\fR"
+This is the default for final delivery to domains listed
+with \fBvirtual_mailbox_domains\fR. The default \fInexthop\fR
+destination is the recipient domain.
+.IP "\fBrelay_transport (default: relay:)\fR"
+This is the default for remote delivery to domains listed
+with \fBrelay_domains\fR. In order of decreasing precedence,
+the \fInexthop\fR destination is taken from \fBrelay_transport\fR,
+\fBsender_dependent_relayhost_maps\fR, \fBrelayhost\fR, or from the
+recipient domain.
+.IP "\fBdefault_transport (default: smtp:)\fR"
+This is the default for remote delivery to other destinations.
+In order of decreasing precedence, the \fInexthop\fR
+destination is taken from \fBsender_dependent_default_transport_maps,
+\fBdefault_transport\fR, \fBsender_dependent_relayhost_maps\fR,
+\fBrelayhost\fR, or from the recipient domain.
+.PP
+Normally, the \fBtransport\fR(5) table is specified as a text file
+that serves as input to the \fBpostmap\fR(1) command.
+The result, an indexed file in \fBdbm\fR or \fBdb\fR format, is used
+for fast searching by the mail system. Execute the command
+"\fBpostmap /etc/postfix/transport\fR" to rebuild an indexed
+file after changing the corresponding transport table.
+
+When the table is provided via other means such as NIS, LDAP
+or SQL, the same lookups are done as for ordinary indexed files.
+
+Alternatively, the table can be provided as a regular\-expression
+map where patterns are given as regular expressions, or lookups
+can be directed to a TCP\-based server. In those case, the lookups
+are done in a slightly different way as described below under
+"REGULAR EXPRESSION TABLES" or "TCP\-BASED TABLES".
+.SH "CASE FOLDING"
+.na
+.nf
+.ad
+.fi
+The search string is folded to lowercase before database
+lookup. As of Postfix 2.3, the search string is not case
+folded with database types such as regexp: or pcre: whose
+lookup fields can match both upper and lower case.
+.SH "TABLE FORMAT"
+.na
+.nf
+.ad
+.fi
+The input format for the \fBpostmap\fR(1) command is as follows:
+.IP "\fIpattern result\fR"
+When \fIpattern\fR matches the recipient address or domain, use the
+corresponding \fIresult\fR.
+.IP "blank lines and comments"
+Empty lines and whitespace\-only lines are ignored, as
+are lines whose first non\-whitespace character is a `#'.
+.IP "multi\-line text"
+A logical line starts with non\-whitespace text. A line that
+starts with whitespace continues a logical line.
+.PP
+The \fIpattern\fR specifies an email address, a domain name, or
+a domain name hierarchy, as described in section "TABLE
+SEARCH ORDER".
+
+The \fIresult\fR is of the form \fItransport:nexthop\fR and
+specifies how or where to deliver mail. This is described in
+section "RESULT FORMAT".
+.SH "TABLE SEARCH ORDER"
+.na
+.nf
+.ad
+.fi
+With lookups from indexed files such as DB or DBM, or from networked
+tables such as NIS, LDAP or SQL, patterns are tried in the order as
+listed below:
+.IP "\fIuser+extension@domain transport\fR:\fInexthop\fR"
+Deliver mail for \fIuser+extension@domain\fR through
+\fItransport\fR to
+\fInexthop\fR.
+.IP "\fIuser@domain transport\fR:\fInexthop\fR"
+Deliver mail for \fIuser@domain\fR through \fItransport\fR to
+\fInexthop\fR.
+.IP "\fIdomain transport\fR:\fInexthop\fR"
+Deliver mail for \fIdomain\fR through \fItransport\fR to
+\fInexthop\fR.
+.IP "\fI.domain transport\fR:\fInexthop\fR"
+Deliver mail for any subdomain of \fIdomain\fR through
+\fItransport\fR to \fInexthop\fR. This applies only when the
+string \fBtransport_maps\fR is not listed in the
+\fBparent_domain_matches_subdomains\fR configuration setting.
+Otherwise, a domain name matches itself and its subdomains.
+.IP "\fB*\fI transport\fR:\fInexthop\fR"
+The special pattern \fB*\fR represents any address (i.e. it
+functions as the wild\-card pattern, and is unique to Postfix
+transport tables).
+.PP
+Note 1: the null recipient address is looked up as
+\fB$empty_address_recipient\fR@\fB$myhostname\fR (default:
+mailer\-daemon@hostname).
+
+Note 2: \fIuser@domain\fR or \fIuser+extension@domain\fR
+lookup is available in Postfix 2.0 and later.
+.SH "RESULT FORMAT"
+.na
+.nf
+.ad
+.fi
+The lookup result is of the form \fItransport\fB:\fInexthop\fR.
+The \fItransport\fR field specifies a mail delivery transport
+such as \fBsmtp\fR or \fBlocal\fR. The \fInexthop\fR field
+specifies where and how to deliver mail.
+
+The transport field specifies the name of a mail delivery transport
+(the first name of a mail delivery service entry in the Postfix
+\fBmaster.cf\fR file).
+
+The nexthop field usually specifies one recipient domain
+or hostname. In the case of the Postfix SMTP/LMTP client,
+the nexthop field may contain a list of nexthop destinations
+separated by comma or whitespace (Postfix 3.5 and later).
+
+The syntax of a nexthop destination is transport dependent.
+With SMTP, specify a service on a non\-default
+port as \fIhost\fR:\fIservice\fR, and disable MX (mail exchanger)
+DNS lookups with [\fIhost\fR] or [\fIhost\fR]:\fIport\fR. The [] form
+is required when you specify an IP address instead of a hostname.
+
+A null \fItransport\fR and null \fInexthop\fR field means "do
+not change": use the delivery transport and nexthop information
+that would be used when the entire transport table did not exist.
+
+A non\-null \fItransport\fR field with a null \fInexthop\fR field
+resets the nexthop information to the recipient domain.
+
+A null \fItransport\fR field with non\-null \fInexthop\fR field
+does not modify the transport information.
+.SH "EXAMPLES"
+.na
+.nf
+.ad
+.fi
+In order to deliver internal mail directly, while using a
+mail relay for all other mail, specify a null entry for
+internal destinations (do not change the delivery transport or
+the nexthop information) and specify a wildcard for all other
+destinations.
+
+.nf
+ \fB\&my.domain :\fR
+ \fB\&.my.domain :\fR
+ \fB* smtp:outbound\-relay.my.domain\fR
+.fi
+
+In order to send mail for \fBexample.com\fR and its subdomains
+via the \fBuucp\fR transport to the UUCP host named \fBexample\fR:
+
+.nf
+ \fBexample.com uucp:example\fR
+ \fB\&.example.com uucp:example\fR
+.fi
+
+When no nexthop host name is specified, the destination domain
+name is used instead. For example, the following directs mail for
+\fIuser\fR@\fBexample.com\fR via the \fBslow\fR transport to a mail
+exchanger for \fBexample.com\fR. The \fBslow\fR transport could be
+configured to run at most one delivery process at a time:
+
+.nf
+ \fBexample.com slow:\fR
+.fi
+
+When no transport is specified, Postfix uses the transport that
+matches the address domain class (see DESCRIPTION
+above). The following sends all mail for \fBexample.com\fR and its
+subdomains to host \fBgateway.example.com\fR:
+
+.nf
+ \fBexample.com :[gateway.example.com]\fR
+ \fB\&.example.com :[gateway.example.com]\fR
+.fi
+
+In the above example, the [] suppress MX lookups.
+This prevents mail routing loops when your machine is primary MX
+host for \fBexample.com\fR.
+
+In the case of delivery via SMTP or LMTP, one may specify
+\fIhost\fR:\fIservice\fR instead of just a host:
+
+.nf
+ \fBexample.com smtp:bar.example:2025\fR
+.fi
+
+This directs mail for \fIuser\fR@\fBexample.com\fR to host \fBbar.example\fR
+port \fB2025\fR. Instead of a numerical port a symbolic name may be
+used. Specify [] around the hostname if MX lookups must be disabled.
+
+Deliveries via SMTP or LMTP support multiple destinations
+(Postfix >= 3.5):
+
+.nf
+ \fBexample.com smtp:bar.example, foo.example\fR
+.fi
+
+This tries to deliver to \fBbar.example\fR before trying
+to deliver to \fBfoo.example\fR.
+
+The error mailer can be used to bounce mail:
+
+.nf
+ \fB\&.example.com error:mail for *.example.com is not deliverable\fR
+.fi
+
+This causes all mail for \fIuser\fR@\fIanything\fB.example.com\fR
+to be bounced.
+.SH "REGULAR EXPRESSION TABLES"
+.na
+.nf
+.ad
+.fi
+This section describes how the table lookups change when the table
+is given in the form of regular expressions. For a description of
+regular expression lookup table syntax, see \fBregexp_table\fR(5)
+or \fBpcre_table\fR(5).
+
+Each pattern is a regular expression that is applied to the entire
+address being looked up. Thus, \fIsome.domain.hierarchy\fR is not
+looked up via its parent domains,
+nor is \fIuser+foo@domain\fR looked up as \fIuser@domain\fR.
+
+Patterns are applied in the order as specified in the table, until a
+pattern is found that matches the search string.
+
+The \fBtrivial\-rewrite\fR(8) server disallows regular
+expression substitution of $1 etc. in regular expression
+lookup tables, because that could open a security hole
+(Postfix version 2.3 and later).
+.SH "TCP-BASED TABLES"
+.na
+.nf
+.ad
+.fi
+This section describes how the table lookups change when lookups
+are directed to a TCP\-based server. For a description of the TCP
+client/server lookup protocol, see \fBtcp_table\fR(5).
+This feature is not available up to and including Postfix version 2.4.
+
+Each lookup operation uses the entire recipient address once. Thus,
+\fIsome.domain.hierarchy\fR is not looked up via its parent domains,
+nor is \fIuser+foo@domain\fR looked up as \fIuser@domain\fR.
+
+Results are the same as with indexed file lookups.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+The following \fBmain.cf\fR parameters are especially relevant.
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.IP "\fBempty_address_recipient (MAILER\-DAEMON)\fR"
+The recipient of mail addressed to the null address.
+.IP "\fBparent_domain_matches_subdomains (see 'postconf -d' output)\fR"
+A list of Postfix features where the pattern "example.com" also
+matches subdomains of example.com,
+instead of requiring an explicit ".example.com" pattern.
+.IP "\fBtransport_maps (empty)\fR"
+Optional lookup tables with mappings from recipient address to
+(message delivery transport, next\-hop destination).
+.SH "SEE ALSO"
+.na
+.nf
+trivial\-rewrite(8), rewrite and resolve addresses
+master(5), master.cf file format
+postconf(5), configuration parameters
+postmap(1), Postfix lookup table manager
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+ADDRESS_REWRITING_README, address rewriting guide
+DATABASE_README, Postfix lookup table overview
+FILTER_README, external content filter
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man5/virtual.5 b/man/man5/virtual.5
new file mode 100644
index 0000000..5a66c7f
--- /dev/null
+++ b/man/man5/virtual.5
@@ -0,0 +1,337 @@
+.TH VIRTUAL 5
+.ad
+.fi
+.SH NAME
+virtual
+\-
+Postfix virtual alias table format
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostmap /etc/postfix/virtual\fR
+
+\fBpostmap \-q "\fIstring\fB" /etc/postfix/virtual\fR
+
+\fBpostmap \-q \- /etc/postfix/virtual <\fIinputfile\fR
+.SH DESCRIPTION
+.ad
+.fi
+The optional \fBvirtual\fR(5) alias table rewrites recipient
+addresses for all local, all virtual, and all remote mail
+destinations.
+This is unlike the \fBaliases\fR(5) table which is used
+only for \fBlocal\fR(8) delivery. This feature is implemented
+in the Postfix \fBcleanup\fR(8) daemon before mail is queued.
+
+Virtual aliasing is recursive; to terminate recursion for
+a specific address, alias that address to itself.
+
+The main applications of virtual aliasing are:
+.IP \(bu
+To redirect mail for one address to one or more addresses.
+.IP \(bu
+To implement virtual alias domains where all addresses are aliased
+to addresses in other domains.
+.sp
+Virtual alias domains are not to be confused with the virtual mailbox
+domains that are implemented with the Postfix \fBvirtual\fR(8) mail
+delivery agent. With virtual mailbox domains, each recipient address
+can have its own mailbox.
+.PP
+Virtual aliasing is applied only to recipient
+envelope addresses, and does not affect message headers.
+Use \fBcanonical\fR(5)
+mapping to rewrite header and envelope addresses in general.
+
+Normally, the \fBvirtual\fR(5) alias table is specified as a text file
+that serves as input to the \fBpostmap\fR(1) command.
+The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
+is used for fast searching by the mail system. Execute the command
+"\fBpostmap /etc/postfix/virtual\fR" to rebuild an indexed
+file after changing the corresponding text file.
+
+When the table is provided via other means such as NIS, LDAP
+or SQL, the same lookups are done as for ordinary indexed files.
+
+Alternatively, the table can be provided as a regular\-expression
+map where patterns are given as regular expressions, or lookups
+can be directed to a TCP\-based server. In those case, the lookups
+are done in a slightly different way as described below under
+"REGULAR EXPRESSION TABLES" or "TCP\-BASED TABLES".
+.SH "CASE FOLDING"
+.na
+.nf
+.ad
+.fi
+The search string is folded to lowercase before database
+lookup. As of Postfix 2.3, the search string is not case
+folded with database types such as regexp: or pcre: whose
+lookup fields can match both upper and lower case.
+.SH "TABLE FORMAT"
+.na
+.nf
+.ad
+.fi
+The input format for the \fBpostmap\fR(1) command is as follows:
+.IP "\fIpattern address, address, ...\fR"
+When \fIpattern\fR matches a mail address, replace it by the
+corresponding \fIaddress\fR.
+.IP "blank lines and comments"
+Empty lines and whitespace\-only lines are ignored, as
+are lines whose first non\-whitespace character is a `#'.
+.IP "multi\-line text"
+A logical line starts with non\-whitespace text. A line that
+starts with whitespace continues a logical line.
+.SH "TABLE SEARCH ORDER"
+.na
+.nf
+.ad
+.fi
+With lookups from indexed files such as DB or DBM, or from networked
+tables such as NIS, LDAP or SQL, each \fIuser\fR@\fIdomain\fR
+query produces a sequence of query patterns as described below.
+
+Each query pattern is sent to each specified lookup table
+before trying the next query pattern, until a match is
+found.
+.IP "\fIuser\fR@\fIdomain address, address, ...\fR"
+Redirect mail for \fIuser\fR@\fIdomain\fR to \fIaddress\fR.
+This form has the highest precedence.
+.IP "\fIuser address, address, ...\fR"
+Redirect mail for \fIuser\fR@\fIsite\fR to \fIaddress\fR when
+\fIsite\fR is equal to $\fBmyorigin\fR, when \fIsite\fR is listed in
+$\fBmydestination\fR, or when it is listed in $\fBinet_interfaces\fR
+or $\fBproxy_interfaces\fR.
+.sp
+This functionality overlaps with the functionality of the local
+\fIaliases\fR(5) database. The difference is that \fBvirtual\fR(5)
+mapping can be applied to non\-local addresses.
+.IP "@\fIdomain address, address, ...\fR"
+Redirect mail for other users in \fIdomain\fR to \fIaddress\fR.
+This form has the lowest precedence.
+.sp
+Note: @\fIdomain\fR is a wild\-card. With this form, the
+Postfix SMTP server accepts
+mail for any recipient in \fIdomain\fR, regardless of whether
+that recipient exists. This may turn your mail system into
+a backscatter source: Postfix first accepts mail for
+non\-existent recipients and then tries to return that mail
+as "undeliverable" to the often forged sender address.
+.sp
+To avoid backscatter with mail for a wild\-card domain,
+replace the wild\-card mapping with explicit 1:1 mappings,
+or add a reject_unverified_recipient restriction for that
+domain:
+
+.nf
+ smtpd_recipient_restrictions =
+ ...
+ reject_unauth_destination
+ check_recipient_access
+ inline:{example.com=reject_unverified_recipient}
+ unverified_recipient_reject_code = 550
+.fi
+
+In the above example, Postfix may contact a remote server
+if the recipient is aliased to a remote address.
+.SH "RESULT ADDRESS REWRITING"
+.na
+.nf
+.ad
+.fi
+The lookup result is subject to address rewriting:
+.IP \(bu
+When the result has the form @\fIotherdomain\fR, the
+result becomes the same \fIuser\fR in \fIotherdomain\fR.
+This works only for the first address in a multi\-address
+lookup result.
+.IP \(bu
+When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR"
+to addresses without "@domain".
+.IP \(bu
+When "\fBappend_dot_mydomain=yes\fR", append
+"\fB.$mydomain\fR" to addresses without ".domain".
+.SH "ADDRESS EXTENSION"
+.na
+.nf
+.fi
+.ad
+When a mail address localpart contains the optional recipient delimiter
+(e.g., \fIuser+foo\fR@\fIdomain\fR), the lookup order becomes:
+\fIuser+foo\fR@\fIdomain\fR, \fIuser\fR@\fIdomain\fR, \fIuser+foo\fR,
+\fIuser\fR, and @\fIdomain\fR.
+
+The \fBpropagate_unmatched_extensions\fR parameter controls whether
+an unmatched address extension (\fI+foo\fR) is propagated to the
+result of a table lookup.
+.SH "VIRTUAL ALIAS DOMAINS"
+.na
+.nf
+.ad
+.fi
+Besides virtual aliases, the virtual alias table can also be used
+to implement virtual alias domains. With a virtual alias domain, all
+recipient addresses are aliased to addresses in other domains.
+
+Virtual alias domains are not to be confused with the virtual mailbox
+domains that are implemented with the Postfix \fBvirtual\fR(8) mail
+delivery agent. With virtual mailbox domains, each recipient address
+can have its own mailbox.
+
+With a virtual alias domain, the virtual domain has its
+own user name space. Local (i.e. non\-virtual) usernames are not
+visible in a virtual alias domain. In particular, local
+\fBaliases\fR(5) and local mailing lists are not visible as
+\fIlocalname@virtual\-alias.domain\fR.
+
+Support for a virtual alias domain looks like:
+
+.nf
+/etc/postfix/main.cf:
+ virtual_alias_maps = hash:/etc/postfix/virtual
+.fi
+
+Note: some systems use \fBdbm\fR databases instead of \fBhash\fR.
+See the output from "\fBpostconf \-m\fR" for available database types.
+
+.nf
+/etc/postfix/virtual:
+ \fIvirtual\-alias.domain anything\fR (right\-hand content does not matter)
+ \fIpostmaster@virtual\-alias.domain postmaster\fR
+ \fIuser1@virtual\-alias.domain address1\fR
+ \fIuser2@virtual\-alias.domain address2, address3\fR
+.fi
+.sp
+The \fIvirtual\-alias.domain anything\fR entry is required for a
+virtual alias domain. \fBWithout this entry, mail is rejected
+with "relay access denied", or bounces with
+"mail loops back to myself".\fR
+
+Do not specify virtual alias domain names in the \fBmain.cf
+mydestination\fR or \fBrelay_domains\fR configuration parameters.
+
+With a virtual alias domain, the Postfix SMTP server
+accepts mail for \fIknown\-user@virtual\-alias.domain\fR, and rejects
+mail for \fIunknown\-user\fR@\fIvirtual\-alias.domain\fR as undeliverable.
+
+Instead of specifying the virtual alias domain name via
+the \fBvirtual_alias_maps\fR table, you may also specify it via
+the \fBmain.cf virtual_alias_domains\fR configuration parameter.
+This latter parameter uses the same syntax as the \fBmain.cf
+mydestination\fR configuration parameter.
+.SH "REGULAR EXPRESSION TABLES"
+.na
+.nf
+.ad
+.fi
+This section describes how the table lookups change when the table
+is given in the form of regular expressions. For a description of
+regular expression lookup table syntax, see \fBregexp_table\fR(5)
+or \fBpcre_table\fR(5).
+
+Each pattern is a regular expression that is applied to the entire
+address being looked up. Thus, \fIuser@domain\fR mail addresses are not
+broken up into their \fIuser\fR and \fI@domain\fR constituent parts,
+nor is \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR.
+
+Patterns are applied in the order as specified in the table, until a
+pattern is found that matches the search string.
+
+Results are the same as with indexed file lookups, with
+the additional feature that parenthesized substrings from the
+pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
+.SH "TCP-BASED TABLES"
+.na
+.nf
+.ad
+.fi
+This section describes how the table lookups change when lookups
+are directed to a TCP\-based server. For a description of the TCP
+client/server lookup protocol, see \fBtcp_table\fR(5).
+This feature is available in Postfix 2.5 and later.
+
+Each lookup operation uses the entire address once. Thus,
+\fIuser@domain\fR mail addresses are not broken up into their
+\fIuser\fR and \fI@domain\fR constituent parts, nor is
+\fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR.
+
+Results are the same as with indexed file lookups.
+.SH BUGS
+.ad
+.fi
+The table format does not understand quoting conventions.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+The following \fBmain.cf\fR parameters are especially relevant to
+this topic. See the Postfix \fBmain.cf\fR file for syntax details
+and for default values. Use the "\fBpostfix reload\fR" command after
+a configuration change.
+.IP "\fBvirtual_alias_maps ($virtual_maps)\fR"
+Optional lookup tables that alias specific mail addresses or domains
+to other local or remote addresses.
+.IP "\fBvirtual_alias_domains ($virtual_alias_maps)\fR"
+Postfix is the final destination for the specified list of virtual
+alias domains, that is, domains for which all addresses are aliased
+to addresses in other local or remote domains.
+.IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR"
+What address lookup tables copy an address extension from the lookup
+key to the lookup result.
+.PP
+Other parameters of interest:
+.IP "\fBinet_interfaces (all)\fR"
+The network interface addresses that this mail system receives
+mail on.
+.IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR"
+The list of domains that are delivered via the $local_transport
+mail delivery transport.
+.IP "\fBmyorigin ($myhostname)\fR"
+The domain name that locally\-posted mail appears to come
+from, and that locally posted mail is delivered to.
+.IP "\fBowner_request_special (yes)\fR"
+Enable special treatment for owner\-\fIlistname\fR entries in the
+\fBaliases\fR(5) file, and don't split owner\-\fIlistname\fR and
+\fIlistname\fR\-request address localparts when the recipient_delimiter
+is set to "\-".
+.IP "\fBproxy_interfaces (empty)\fR"
+The network interface addresses that this mail system receives mail
+on by way of a proxy or network address translation unit.
+.SH "SEE ALSO"
+.na
+.nf
+cleanup(8), canonicalize and enqueue mail
+postmap(1), Postfix lookup table manager
+postconf(5), configuration parameters
+canonical(5), canonical address mapping
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+ADDRESS_REWRITING_README, address rewriting guide
+DATABASE_README, Postfix lookup table overview
+VIRTUAL_README, domain hosting guide
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man8/anvil.8 b/man/man8/anvil.8
new file mode 100644
index 0000000..89ea9a6
--- /dev/null
+++ b/man/man8/anvil.8
@@ -0,0 +1,302 @@
+.TH ANVIL 8
+.ad
+.fi
+.SH NAME
+anvil
+\-
+Postfix session count and request rate control
+.SH "SYNOPSIS"
+.na
+.nf
+\fBanvil\fR [generic Postfix daemon options]
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix \fBanvil\fR(8) server maintains statistics about
+client connection counts or client request rates. This
+information can be used to defend against clients that
+hammer a server with either too many simultaneous sessions,
+or with too many successive requests within a configurable
+time interval. This server is designed to run under control
+by the Postfix \fBmaster\fR(8) server.
+
+In the following text, \fBident\fR specifies a (service,
+client) combination. The exact syntax of that information
+is application\-dependent; the \fBanvil\fR(8) server does
+not care.
+.SH "CONNECTION COUNT/RATE CONTROL"
+.na
+.nf
+.ad
+.fi
+To register a new connection send the following request to
+the \fBanvil\fR(8) server:
+
+.nf
+ \fBrequest=connect\fR
+ \fBident=\fIstring\fR
+.fi
+
+The \fBanvil\fR(8) server answers with the number of
+simultaneous connections and the number of connections per
+unit time for the (service, client) combination specified
+with \fBident\fR:
+
+.nf
+ \fBstatus=0\fR
+ \fBcount=\fInumber\fR
+ \fBrate=\fInumber\fR
+.fi
+
+To register a disconnect event send the following request
+to the \fBanvil\fR(8) server:
+
+.nf
+ \fBrequest=disconnect\fR
+ \fBident=\fIstring\fR
+.fi
+
+The \fBanvil\fR(8) server replies with:
+
+.nf
+ \fBstatus=0\fR
+.fi
+.SH "MESSAGE RATE CONTROL"
+.na
+.nf
+.ad
+.fi
+To register a message delivery request send the following
+request to the \fBanvil\fR(8) server:
+
+.nf
+ \fBrequest=message\fR
+ \fBident=\fIstring\fR
+.fi
+
+The \fBanvil\fR(8) server answers with the number of message
+delivery requests per unit time for the (service, client)
+combination specified with \fBident\fR:
+
+.nf
+ \fBstatus=0\fR
+ \fBrate=\fInumber\fR
+.fi
+.SH "RECIPIENT RATE CONTROL"
+.na
+.nf
+.ad
+.fi
+To register a recipient request send the following request
+to the \fBanvil\fR(8) server:
+
+.nf
+ \fBrequest=recipient\fR
+ \fBident=\fIstring\fR
+.fi
+
+The \fBanvil\fR(8) server answers with the number of recipient
+addresses per unit time for the (service, client) combination
+specified with \fBident\fR:
+
+.nf
+ \fBstatus=0\fR
+ \fBrate=\fInumber\fR
+.fi
+.SH "TLS SESSION NEGOTIATION RATE CONTROL"
+.na
+.nf
+.ad
+.fi
+The features described in this section are available with
+Postfix 2.3 and later.
+
+To register a request for a new (i.e. not cached) TLS session
+send the following request to the \fBanvil\fR(8) server:
+
+.nf
+ \fBrequest=newtls\fR
+ \fBident=\fIstring\fR
+.fi
+
+The \fBanvil\fR(8) server answers with the number of new
+TLS session requests per unit time for the (service, client)
+combination specified with \fBident\fR:
+
+.nf
+ \fBstatus=0\fR
+ \fBrate=\fInumber\fR
+.fi
+
+To retrieve new TLS session request rate information without
+updating the counter information, send:
+
+.nf
+ \fBrequest=newtls_report\fR
+ \fBident=\fIstring\fR
+.fi
+
+The \fBanvil\fR(8) server answers with the number of new
+TLS session requests per unit time for the (service, client)
+combination specified with \fBident\fR:
+
+.nf
+ \fBstatus=0\fR
+ \fBrate=\fInumber\fR
+.fi
+.SH "AUTH RATE CONTROL"
+.na
+.nf
+.ad
+.fi
+To register an AUTH request send the following request
+to the \fBanvil\fR(8) server:
+
+.nf
+ \fBrequest=auth\fR
+ \fBident=\fIstring\fR
+.fi
+
+The \fBanvil\fR(8) server answers with the number of auth
+requests per unit time for the (service, client) combination
+specified with \fBident\fR:
+
+.nf
+ \fBstatus=0\fR
+ \fBrate=\fInumber\fR
+.fi
+.SH "SECURITY"
+.na
+.nf
+.ad
+.fi
+The \fBanvil\fR(8) server does not talk to the network or to local
+users, and can run chrooted at fixed low privilege.
+
+The \fBanvil\fR(8) server maintains an in\-memory table with
+information about recent clients requests. No persistent
+state is kept because standard system library routines are
+not sufficiently robust for update\-intensive applications.
+
+Although the in\-memory state is kept only temporarily, this
+may require a lot of memory on systems that handle connections
+from many remote clients. To reduce memory usage, reduce
+the time unit over which state is kept.
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
+
+Upon exit, and every \fBanvil_status_update_time\fR
+seconds, the server logs the maximal count and rate values measured,
+together with (service, client) information and the time of day
+associated with those events.
+In order to avoid unnecessary overhead, no measurements
+are done for activity that isn't concurrency limited or
+rate limited.
+.SH BUGS
+.ad
+.fi
+Systems behind network address translating routers or proxies
+appear to have the same client address and can run into connection
+count and/or rate limits falsely.
+
+In this preliminary implementation, a count (or rate) limited server
+process can have only one remote client at a time. If a
+server process reports
+multiple simultaneous clients, state is kept only for the last
+reported client.
+
+The \fBanvil\fR(8) server automatically discards client
+request information after it expires. To prevent the
+\fBanvil\fR(8) server from discarding client request rate
+information too early or too late, a rate limited service
+should always register connect/disconnect events even when
+it does not explicitly limit them.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+On low\-traffic mail systems, changes to \fBmain.cf\fR are
+picked up automatically as \fBanvil\fR(8) processes run for
+only a limited amount of time. On other mail systems, use
+the command "\fBpostfix reload\fR" to speed up a change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.IP "\fBanvil_rate_time_unit (60s)\fR"
+The time unit over which client connection rates and other rates
+are calculated.
+.IP "\fBanvil_status_update_time (600s)\fR"
+How frequently the \fBanvil\fR(8) connection and rate limiting server
+logs peak usage information.
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdaemon_timeout (18000s)\fR"
+How much time a Postfix daemon process may take to handle a
+request before it is terminated by a built\-in watchdog timer.
+.IP "\fBipc_timeout (3600s)\fR"
+The time limit for sending or receiving information over an internal
+communication channel.
+.IP "\fBmax_idle (100s)\fR"
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
+.IP "\fBmax_use (100)\fR"
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix 3.3 and later:
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.SH "SEE ALSO"
+.na
+.nf
+smtpd(8), Postfix SMTP server
+postconf(5), configuration parameters
+master(5), generic daemon options
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+TUNING_README, performance tuning
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+.ad
+.fi
+The anvil service is available in Postfix 2.2 and later.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man8/bounce.8 b/man/man8/bounce.8
new file mode 100644
index 0000000..007ffdc
--- /dev/null
+++ b/man/man8/bounce.8
@@ -0,0 +1,182 @@
+.TH BOUNCE 8
+.ad
+.fi
+.SH NAME
+bounce
+\-
+Postfix delivery status reports
+.SH "SYNOPSIS"
+.na
+.nf
+\fBbounce\fR [generic Postfix daemon options]
+.SH DESCRIPTION
+.ad
+.fi
+The \fBbounce\fR(8) daemon maintains per\-message log files with
+delivery status information. Each log file is named after the
+queue file that it corresponds to, and is kept in a queue subdirectory
+named after the service name in the \fBmaster.cf\fR file (either
+\fBbounce\fR, \fBdefer\fR or \fBtrace\fR).
+This program expects to be run from the \fBmaster\fR(8) process
+manager.
+
+The \fBbounce\fR(8) daemon processes two types of service requests:
+.IP \(bu
+Append a recipient (non\-)delivery status record to a per\-message
+log file.
+.IP \(bu
+Enqueue a delivery status notification message, with a copy
+of a per\-message log file and of the corresponding message.
+When the delivery status notification message is
+enqueued successfully, the per\-message log file is deleted.
+.PP
+The software does a best notification effort. A non\-delivery
+notification is sent even when the log file or the original
+message cannot be read.
+
+Optionally, a bounce (defer, trace) client can request that the
+per\-message log file be deleted when the requested operation fails.
+This is used by clients that cannot retry transactions by
+themselves, and that depend on retry logic in their own client.
+.SH "STANDARDS"
+.na
+.nf
+RFC 822 (ARPA Internet Text Messages)
+RFC 2045 (Format of Internet Message Bodies)
+RFC 2822 (Internet Message Format)
+RFC 3462 (Delivery Status Notifications)
+RFC 3464 (Delivery Status Notifications)
+RFC 3834 (Auto\-Submitted: message header)
+RFC 5322 (Internet Message Format)
+RFC 6531 (Internationalized SMTP)
+RFC 6532 (Internationalized Message Format)
+RFC 6533 (Internationalized Delivery Status Notifications)
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+Changes to \fBmain.cf\fR are picked up automatically, as \fBbounce\fR(8)
+processes run for only a limited amount of time. Use the command
+"\fBpostfix reload\fR" to speed up a change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.IP "\fB2bounce_notice_recipient (postmaster)\fR"
+The recipient of undeliverable mail that cannot be returned to
+the sender.
+.IP "\fBbackwards_bounce_logfile_compatibility (yes)\fR"
+Produce additional \fBbounce\fR(8) logfile records that can be read by
+Postfix versions before 2.0.
+.IP "\fBbounce_notice_recipient (postmaster)\fR"
+The recipient of postmaster notifications with the message headers
+of mail that Postfix did not deliver and of SMTP conversation
+transcripts of mail that Postfix did not receive.
+.IP "\fBbounce_size_limit (50000)\fR"
+The maximal amount of original message text that is sent in a
+non\-delivery notification.
+.IP "\fBbounce_template_file (empty)\fR"
+Pathname of a configuration file with bounce message templates.
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdaemon_timeout (18000s)\fR"
+How much time a Postfix daemon process may take to handle a
+request before it is terminated by a built\-in watchdog timer.
+.IP "\fBdelay_notice_recipient (postmaster)\fR"
+The recipient of postmaster notifications with the message headers
+of mail that cannot be delivered within $delay_warning_time time
+units.
+.IP "\fBdeliver_lock_attempts (20)\fR"
+The maximal number of attempts to acquire an exclusive lock on a
+mailbox file or \fBbounce\fR(8) logfile.
+.IP "\fBdeliver_lock_delay (1s)\fR"
+The time between attempts to acquire an exclusive lock on a mailbox
+file or \fBbounce\fR(8) logfile.
+.IP "\fBipc_timeout (3600s)\fR"
+The time limit for sending or receiving information over an internal
+communication channel.
+.IP "\fBinternal_mail_filter_classes (empty)\fR"
+What categories of Postfix\-generated mail are subject to
+before\-queue content inspection by non_smtpd_milters, header_checks
+and body_checks.
+.IP "\fBmail_name (Postfix)\fR"
+The mail system name that is displayed in Received: headers, in
+the SMTP greeting banner, and in bounced mail.
+.IP "\fBmax_idle (100s)\fR"
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
+.IP "\fBmax_use (100)\fR"
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
+.IP "\fBnotify_classes (resource, software)\fR"
+The list of error classes that are reported to the postmaster.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix 3.0 and later:
+.IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR"
+Detect that a message requires SMTPUTF8 support for the specified
+mail origin classes.
+.PP
+Available in Postfix 3.3 and later:
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.PP
+Available in Postfix 3.6 and later:
+.IP "\fBenable_threaded_bounces (no)\fR"
+Enable non\-delivery, success, and delay notifications that link
+to the original message by including a References: and In\-Reply\-To:
+header with the original Message\-ID value.
+.PP
+Available in Postfix 3.7 and later:
+.IP "\fBheader_from_format (standard)\fR"
+The format of the Postfix\-generated \fBFrom:\fR header.
+.SH "FILES"
+.na
+.nf
+/var/spool/postfix/bounce/* non\-delivery records
+/var/spool/postfix/defer/* non\-delivery records
+/var/spool/postfix/trace/* delivery status records
+.SH "SEE ALSO"
+.na
+.nf
+bounce(5), bounce message template format
+qmgr(8), queue manager
+postconf(5), configuration parameters
+master(5), generic daemon options
+master(8), process manager
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man8/cleanup.8 b/man/man8/cleanup.8
new file mode 100644
index 0000000..bc51c31
--- /dev/null
+++ b/man/man8/cleanup.8
@@ -0,0 +1,515 @@
+.TH CLEANUP 8
+.ad
+.fi
+.SH NAME
+cleanup
+\-
+canonicalize and enqueue Postfix message
+.SH "SYNOPSIS"
+.na
+.nf
+\fBcleanup\fR [generic Postfix daemon options]
+.SH DESCRIPTION
+.ad
+.fi
+The \fBcleanup\fR(8) daemon processes inbound mail, inserts it
+into the \fBincoming\fR mail queue, and informs the queue
+manager of its arrival.
+
+The \fBcleanup\fR(8) daemon performs the following transformations:
+.IP \(bu
+Insert missing message headers: (\fBResent\-\fR) \fBFrom:\fR,
+\fBTo:\fR, \fBMessage\-Id:\fR, and \fBDate:\fR.
+.br
+This is enabled with the \fBlocal_header_rewrite_clients\fR and
+\fBalways_add_missing_headers\fR parameter settings.
+.IP \(bu
+Transform envelope and header addresses to the standard
+\fIuser@fully\-qualified\-domain\fR form that is expected by other
+Postfix programs.
+This task depends on the \fBtrivial\-rewrite\fR(8) daemon.
+.br
+The header transformation is enabled with the
+\fBlocal_header_rewrite_clients\fR parameter setting.
+.IP \(bu
+Eliminate duplicate envelope recipient addresses.
+.br
+This is enabled with the \fBduplicate_filter_limit\fR
+parameter setting.
+.IP \(bu
+Remove message headers: \fBBcc\fR, \fBContent\-Length\fR,
+\fBResent\-Bcc\fR, \fBReturn\-Path\fR.
+.br
+This is enabled with the message_drop_headers parameter
+setting.
+.IP \(bu
+Optionally, rewrite all envelope and header addresses according
+to the mappings specified in the \fBcanonical\fR(5) lookup tables.
+.br
+The header transformation is enabled with the
+\fBlocal_header_rewrite_clients\fR parameter setting.
+.IP \(bu
+Optionally, masquerade envelope sender addresses and message
+header addresses (i.e. strip host or domain information below
+all domains listed in the \fBmasquerade_domains\fR parameter,
+except for user names listed in \fBmasquerade_exceptions\fR).
+By default, address masquerading does not affect envelope recipients.
+.br
+The header transformation is enabled with the
+\fBlocal_header_rewrite_clients\fR parameter setting.
+.IP \(bu
+Optionally, expand envelope recipients according to information
+found in the \fBvirtual_alias_maps\fR lookup tables.
+.PP
+The \fBcleanup\fR(8) daemon performs sanity checks on the content of
+each message. When it finds a problem, by default it returns a
+diagnostic status to the cleanup service client, and leaves
+it up to the client
+to deal with the problem. Alternatively, the client can request
+the \fBcleanup\fR(8) daemon to bounce the message back to the sender
+in case of trouble.
+.SH "STANDARDS"
+.na
+.nf
+RFC 822 (ARPA Internet Text Messages)
+RFC 2045 (MIME: Format of Internet Message Bodies)
+RFC 2046 (MIME: Media Types)
+RFC 2822 (Internet Message Format)
+RFC 3463 (Enhanced Status Codes)
+RFC 3464 (Delivery status notifications)
+RFC 5322 (Internet Message Format)
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
+.SH BUGS
+.ad
+.fi
+Table\-driven rewriting rules make it hard to express \fBif then
+else\fR and other logical relationships.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+Changes to \fBmain.cf\fR are picked up automatically, as
+\fBcleanup\fR(8)
+processes run for only a limited amount of time. Use the command
+"\fBpostfix reload\fR" to speed up a change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.SH "COMPATIBILITY CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBundisclosed_recipients_header (see 'postconf -d' output)\fR"
+Message header that the Postfix \fBcleanup\fR(8) server inserts when a
+message contains no To: or Cc: message header.
+.PP
+Available in Postfix version 2.1 only:
+.IP "\fBenable_errors_to (no)\fR"
+Report mail delivery errors to the address specified with the
+non\-standard Errors\-To: message header, instead of the envelope
+sender address (this feature is removed with Postfix version 2.2, is
+turned off by default with Postfix version 2.1, and is always turned on
+with older Postfix versions).
+.PP
+Available in Postfix version 2.6 and later:
+.IP "\fBalways_add_missing_headers (no)\fR"
+Always add (Resent\-) From:, To:, Date: or Message\-ID: headers
+when not present.
+.PP
+Available in Postfix version 2.9 and later:
+.IP "\fBenable_long_queue_ids (no)\fR"
+Enable long, non\-repeating, queue IDs (queue file names).
+.PP
+Available in Postfix version 3.0 and later:
+.IP "\fBmessage_drop_headers (bcc, content\-length, resent\-bcc, return\-path)\fR"
+Names of message headers that the \fBcleanup\fR(8) daemon will remove
+after applying \fBheader_checks\fR(5) and before invoking Milter applications.
+.IP "\fBheader_from_format (standard)\fR"
+The format of the Postfix\-generated \fBFrom:\fR header.
+.SH "BUILT-IN CONTENT FILTERING CONTROLS"
+.na
+.nf
+.ad
+.fi
+Postfix built\-in content filtering is meant to stop a flood of
+worms or viruses. It is not a general content filter.
+.IP "\fBbody_checks (empty)\fR"
+Optional lookup tables for content inspection as specified in
+the \fBbody_checks\fR(5) manual page.
+.IP "\fBheader_checks (empty)\fR"
+Optional lookup tables for content inspection of primary non\-MIME
+message headers, as specified in the \fBheader_checks\fR(5) manual page.
+.PP
+Available in Postfix version 2.0 and later:
+.IP "\fBbody_checks_size_limit (51200)\fR"
+How much text in a message body segment (or attachment, if you
+prefer to use that term) is subjected to body_checks inspection.
+.IP "\fBmime_header_checks ($header_checks)\fR"
+Optional lookup tables for content inspection of MIME related
+message headers, as described in the \fBheader_checks\fR(5) manual page.
+.IP "\fBnested_header_checks ($header_checks)\fR"
+Optional lookup tables for content inspection of non\-MIME message
+headers in attached messages, as described in the \fBheader_checks\fR(5)
+manual page.
+.PP
+Available in Postfix version 2.3 and later:
+.IP "\fBmessage_reject_characters (empty)\fR"
+The set of characters that Postfix will reject in message
+content.
+.IP "\fBmessage_strip_characters (empty)\fR"
+The set of characters that Postfix will remove from message
+content.
+.PP
+Available in Postfix version 3.9, 3.8.5, 3.7.10, 3.6.14,
+3.5.24, and later:
+.IP "\fBcleanup_replace_stray_cr_lf (yes)\fR"
+Replace each stray <CR> or <LF> character in message
+content with a space character, to prevent outbound SMTP smuggling,
+and to make the evaluation of Postfix\-added DKIM or other signatures
+independent from how a remote mail server handles such characters.
+.SH "BEFORE QUEUE MILTER CONTROLS"
+.na
+.nf
+.ad
+.fi
+As of version 2.3, Postfix supports the Sendmail version 8
+Milter (mail filter) protocol. When mail is not received via
+the smtpd(8) server, the cleanup(8) server will simulate
+SMTP events to the extent that this is possible. For details
+see the MILTER_README document.
+.IP "\fBnon_smtpd_milters (empty)\fR"
+A list of Milter (mail filter) applications for new mail that
+does not arrive via the Postfix \fBsmtpd\fR(8) server.
+.IP "\fBmilter_protocol (6)\fR"
+The mail filter protocol version and optional protocol extensions
+for communication with a Milter application; prior to Postfix 2.6
+the default protocol is 2.
+.IP "\fBmilter_default_action (tempfail)\fR"
+The default action when a Milter (mail filter) response is
+unavailable (for example, bad Postfix configuration or Milter
+failure).
+.IP "\fBmilter_macro_daemon_name ($myhostname)\fR"
+The {daemon_name} macro value for Milter (mail filter) applications.
+.IP "\fBmilter_macro_v ($mail_name $mail_version)\fR"
+The {v} macro value for Milter (mail filter) applications.
+.IP "\fBmilter_connect_timeout (30s)\fR"
+The time limit for connecting to a Milter (mail filter)
+application, and for negotiating protocol options.
+.IP "\fBmilter_command_timeout (30s)\fR"
+The time limit for sending an SMTP command to a Milter (mail
+filter) application, and for receiving the response.
+.IP "\fBmilter_content_timeout (300s)\fR"
+The time limit for sending message content to a Milter (mail
+filter) application, and for receiving the response.
+.IP "\fBmilter_connect_macros (see 'postconf -d' output)\fR"
+The macros that are sent to Milter (mail filter) applications
+after completion of an SMTP connection.
+.IP "\fBmilter_helo_macros (see 'postconf -d' output)\fR"
+The macros that are sent to Milter (mail filter) applications
+after the SMTP HELO or EHLO command.
+.IP "\fBmilter_mail_macros (see 'postconf -d' output)\fR"
+The macros that are sent to Milter (mail filter) applications
+after the SMTP MAIL FROM command.
+.IP "\fBmilter_rcpt_macros (see 'postconf -d' output)\fR"
+The macros that are sent to Milter (mail filter) applications
+after the SMTP RCPT TO command.
+.IP "\fBmilter_data_macros (see 'postconf -d' output)\fR"
+The macros that are sent to version 4 or higher Milter (mail
+filter) applications after the SMTP DATA command.
+.IP "\fBmilter_unknown_command_macros (see 'postconf -d' output)\fR"
+The macros that are sent to version 3 or higher Milter (mail
+filter) applications after an unknown SMTP command.
+.IP "\fBmilter_end_of_data_macros (see 'postconf -d' output)\fR"
+The macros that are sent to Milter (mail filter) applications
+after the message end\-of\-data.
+.PP
+Available in Postfix version 2.5 and later:
+.IP "\fBmilter_end_of_header_macros (see 'postconf -d' output)\fR"
+The macros that are sent to Milter (mail filter) applications
+after the end of the message header.
+.PP
+Available in Postfix version 2.7 and later:
+.IP "\fBmilter_header_checks (empty)\fR"
+Optional lookup tables for content inspection of message headers
+that are produced by Milter applications.
+.PP
+Available in Postfix version 3.1 and later:
+.IP "\fBmilter_macro_defaults (empty)\fR"
+Optional list of \fIname=value\fR pairs that specify default
+values for arbitrary macros that Postfix may send to Milter
+applications.
+.SH "MIME PROCESSING CONTROLS"
+.na
+.nf
+.ad
+.fi
+Available in Postfix version 2.0 and later:
+.IP "\fBdisable_mime_input_processing (no)\fR"
+Turn off MIME processing while receiving mail.
+.IP "\fBmime_boundary_length_limit (2048)\fR"
+The maximal length of MIME multipart boundary strings.
+.IP "\fBmime_nesting_limit (100)\fR"
+The maximal recursion level that the MIME processor will handle.
+.IP "\fBstrict_8bitmime (no)\fR"
+Enable both strict_7bit_headers and strict_8bitmime_body.
+.IP "\fBstrict_7bit_headers (no)\fR"
+Reject mail with 8\-bit text in message headers.
+.IP "\fBstrict_8bitmime_body (no)\fR"
+Reject 8\-bit message body text without 8\-bit MIME content encoding
+information.
+.IP "\fBstrict_mime_encoding_domain (no)\fR"
+Reject mail with invalid Content\-Transfer\-Encoding: information
+for the message/* or multipart/* MIME content types.
+.PP
+Available in Postfix version 2.5 and later:
+.IP "\fBdetect_8bit_encoding_header (yes)\fR"
+Automatically detect 8BITMIME body content by looking at
+Content\-Transfer\-Encoding: message headers; historically, this
+behavior was hard\-coded to be "always on".
+.SH "AUTOMATIC BCC RECIPIENT CONTROLS"
+.na
+.nf
+.ad
+.fi
+Postfix can automatically add BCC (blind carbon copy)
+when mail enters the mail system:
+.IP "\fBalways_bcc (empty)\fR"
+Optional address that receives a "blind carbon copy" of each message
+that is received by the Postfix mail system.
+.PP
+Available in Postfix version 2.1 and later:
+.IP "\fBsender_bcc_maps (empty)\fR"
+Optional BCC (blind carbon\-copy) address lookup tables, indexed
+by sender address.
+.IP "\fBrecipient_bcc_maps (empty)\fR"
+Optional BCC (blind carbon\-copy) address lookup tables, indexed by
+recipient address.
+.SH "ADDRESS TRANSFORMATION CONTROLS"
+.na
+.nf
+.ad
+.fi
+Address rewriting is delegated to the \fBtrivial\-rewrite\fR(8) daemon.
+The \fBcleanup\fR(8) server implements table driven address mapping.
+.IP "\fBempty_address_recipient (MAILER\-DAEMON)\fR"
+The recipient of mail addressed to the null address.
+.IP "\fBcanonical_maps (empty)\fR"
+Optional address mapping lookup tables for message headers and
+envelopes.
+.IP "\fBrecipient_canonical_maps (empty)\fR"
+Optional address mapping lookup tables for envelope and header
+recipient addresses.
+.IP "\fBsender_canonical_maps (empty)\fR"
+Optional address mapping lookup tables for envelope and header
+sender addresses.
+.IP "\fBmasquerade_classes (envelope_sender, header_sender, header_recipient)\fR"
+What addresses are subject to address masquerading.
+.IP "\fBmasquerade_domains (empty)\fR"
+Optional list of domains whose subdomain structure will be stripped
+off in email addresses.
+.IP "\fBmasquerade_exceptions (empty)\fR"
+Optional list of user names that are not subjected to address
+masquerading, even when their addresses match $masquerade_domains.
+.IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR"
+What address lookup tables copy an address extension from the lookup
+key to the lookup result.
+.PP
+Available before Postfix version 2.0:
+.IP "\fBvirtual_maps (empty)\fR"
+Optional lookup tables with a) names of domains for which all
+addresses are aliased to addresses in other local or remote domains,
+and b) addresses that are aliased to addresses in other local or
+remote domains.
+.PP
+Available in Postfix version 2.0 and later:
+.IP "\fBvirtual_alias_maps ($virtual_maps)\fR"
+Optional lookup tables that alias specific mail addresses or domains
+to other local or remote address.
+.PP
+Available in Postfix version 2.2 and later:
+.IP "\fBcanonical_classes (envelope_sender, envelope_recipient, header_sender, header_recipient)\fR"
+What addresses are subject to canonical_maps address mapping.
+.IP "\fBrecipient_canonical_classes (envelope_recipient, header_recipient)\fR"
+What addresses are subject to recipient_canonical_maps address
+mapping.
+.IP "\fBsender_canonical_classes (envelope_sender, header_sender)\fR"
+What addresses are subject to sender_canonical_maps address
+mapping.
+.IP "\fBremote_header_rewrite_domain (empty)\fR"
+Don't rewrite message headers from remote clients at all when
+this parameter is empty; otherwise, rewrite message headers and
+append the specified domain name to incomplete addresses.
+.SH "RESOURCE AND RATE CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBduplicate_filter_limit (1000)\fR"
+The maximal number of addresses remembered by the address
+duplicate filter for \fBaliases\fR(5) or \fBvirtual\fR(5) alias expansion, or
+for \fBshowq\fR(8) queue displays.
+.IP "\fBheader_size_limit (102400)\fR"
+The maximal amount of memory in bytes for storing a message header.
+.IP "\fBhopcount_limit (50)\fR"
+The maximal number of Received: message headers that is allowed
+in the primary message headers.
+.IP "\fBin_flow_delay (1s)\fR"
+Time to pause before accepting a new message, when the message
+arrival rate exceeds the message delivery rate.
+.IP "\fBmessage_size_limit (10240000)\fR"
+The maximal size in bytes of a message, including envelope information.
+.PP
+Available in Postfix version 2.0 and later:
+.IP "\fBheader_address_token_limit (10240)\fR"
+The maximal number of address tokens are allowed in an address
+message header.
+.IP "\fBmime_boundary_length_limit (2048)\fR"
+The maximal length of MIME multipart boundary strings.
+.IP "\fBmime_nesting_limit (100)\fR"
+The maximal recursion level that the MIME processor will handle.
+.IP "\fBqueue_file_attribute_count_limit (100)\fR"
+The maximal number of (name=value) attributes that may be stored
+in a Postfix queue file.
+.PP
+Available in Postfix version 2.1 and later:
+.IP "\fBvirtual_alias_expansion_limit (1000)\fR"
+The maximal number of addresses that virtual alias expansion produces
+from each original recipient.
+.IP "\fBvirtual_alias_recursion_limit (1000)\fR"
+The maximal nesting depth of virtual alias expansion.
+.PP
+Available in Postfix version 3.0 and later:
+.IP "\fBvirtual_alias_address_length_limit (1000)\fR"
+The maximal length of an email address after virtual alias expansion.
+.SH "SMTPUTF8 CONTROLS"
+.na
+.nf
+.ad
+.fi
+Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
+.IP "\fBsmtputf8_enable (yes)\fR"
+Enable preliminary SMTPUTF8 support for the protocols described
+in RFC 6531..6533.
+.IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR"
+Detect that a message requires SMTPUTF8 support for the specified
+mail origin classes.
+.PP
+Available in Postfix version 3.2 and later:
+.IP "\fBenable_idna2003_compatibility (no)\fR"
+Enable 'transitional' compatibility between IDNA2003 and IDNA2008,
+when converting UTF\-8 domain names to/from the ASCII form that is
+used for DNS lookups.
+.SH "MISCELLANEOUS CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdaemon_timeout (18000s)\fR"
+How much time a Postfix daemon process may take to handle a
+request before it is terminated by a built\-in watchdog timer.
+.IP "\fBdelay_logging_resolution_limit (2)\fR"
+The maximal number of digits after the decimal point when logging
+sub\-second delay values.
+.IP "\fBdelay_warning_time (0h)\fR"
+The time after which the sender receives a copy of the message
+headers of mail that is still queued.
+.IP "\fBipc_timeout (3600s)\fR"
+The time limit for sending or receiving information over an internal
+communication channel.
+.IP "\fBmax_idle (100s)\fR"
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
+.IP "\fBmax_use (100)\fR"
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
+.IP "\fBmyhostname (see 'postconf -d' output)\fR"
+The internet hostname of this mail system.
+.IP "\fBmyorigin ($myhostname)\fR"
+The domain name that locally\-posted mail appears to come
+from, and that locally posted mail is delivered to.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.IP "\fBsoft_bounce (no)\fR"
+Safety net to keep mail queued that would otherwise be returned to
+the sender.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix version 2.1 and later:
+.IP "\fBenable_original_recipient (yes)\fR"
+Enable support for the original recipient address after an
+address is rewritten to a different address (for example with
+aliasing or with canonical mapping).
+.PP
+Available in Postfix 3.3 and later:
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.PP
+Available in Postfix 3.5 and later:
+.IP "\fBinfo_log_address_format (external)\fR"
+The email address form that will be used in non\-debug logging
+(info, warning, etc.).
+.SH "FILES"
+.na
+.nf
+/etc/postfix/canonical*, canonical mapping table
+/etc/postfix/virtual*, virtual mapping table
+.SH "SEE ALSO"
+.na
+.nf
+trivial\-rewrite(8), address rewriting
+qmgr(8), queue manager
+header_checks(5), message header content inspection
+body_checks(5), body parts content inspection
+canonical(5), canonical address lookup table format
+virtual(5), virtual alias lookup table format
+postconf(5), configuration parameters
+master(5), generic daemon options
+master(8), process manager
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+ADDRESS_REWRITING_README Postfix address manipulation
+CONTENT_INSPECTION_README content inspection
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man8/defer.8 b/man/man8/defer.8
new file mode 100644
index 0000000..411dfa1
--- /dev/null
+++ b/man/man8/defer.8
@@ -0,0 +1 @@
+.so man8/bounce.8
diff --git a/man/man8/discard.8 b/man/man8/discard.8
new file mode 100644
index 0000000..7823891
--- /dev/null
+++ b/man/man8/discard.8
@@ -0,0 +1,134 @@
+.TH DISCARD 8
+.ad
+.fi
+.SH NAME
+discard
+\-
+Postfix discard mail delivery agent
+.SH "SYNOPSIS"
+.na
+.nf
+\fBdiscard\fR [generic Postfix daemon options]
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix \fBdiscard\fR(8) delivery agent processes
+delivery requests from
+the queue manager. Each request specifies a queue file, a sender
+address, a next\-hop destination that is treated as the reason for
+discarding the mail, and recipient information.
+The reason may be prefixed with an RFC 3463\-compatible detail code.
+This program expects to be run from the \fBmaster\fR(8) process
+manager.
+
+The \fBdiscard\fR(8) delivery agent pretends to deliver all recipients
+in the delivery request, logs the "next\-hop" destination
+as the reason for discarding the mail, updates the
+queue file, and either marks recipients as finished or informs the
+queue manager that delivery should be tried again at a later time.
+
+Delivery status reports are sent to the \fBtrace\fR(8)
+daemon as appropriate.
+.SH "SECURITY"
+.na
+.nf
+.ad
+.fi
+The \fBdiscard\fR(8) mailer is not security\-sensitive. It does not talk
+to the network, and can be run chrooted at fixed low privilege.
+.SH "STANDARDS"
+.na
+.nf
+RFC 3463 (Enhanced Status Codes)
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
+
+Depending on the setting of the \fBnotify_classes\fR parameter,
+the postmaster is notified of bounces and of other trouble.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+Changes to \fBmain.cf\fR are picked up automatically as \fBdiscard\fR(8)
+processes run for only a limited amount of time. Use the command
+"\fBpostfix reload\fR" to speed up a change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdaemon_timeout (18000s)\fR"
+How much time a Postfix daemon process may take to handle a
+request before it is terminated by a built\-in watchdog timer.
+.IP "\fBdelay_logging_resolution_limit (2)\fR"
+The maximal number of digits after the decimal point when logging
+sub\-second delay values.
+.IP "\fBdouble_bounce_sender (double\-bounce)\fR"
+The sender address of postmaster notifications that are generated
+by the mail system.
+.IP "\fBipc_timeout (3600s)\fR"
+The time limit for sending or receiving information over an internal
+communication channel.
+.IP "\fBmax_idle (100s)\fR"
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
+.IP "\fBmax_use (100)\fR"
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix 3.3 and later:
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.SH "SEE ALSO"
+.na
+.nf
+qmgr(8), queue manager
+bounce(8), delivery status reports
+error(8), Postfix error delivery agent
+postconf(5), configuration parameters
+master(5), generic daemon options
+master(8), process manager
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+This service was introduced with Postfix version 2.2.
+.SH "AUTHOR(S)"
+.na
+.nf
+Victor Duchovni
+Morgan Stanley
+
+Based on code by:
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man8/dnsblog.8 b/man/man8/dnsblog.8
new file mode 100644
index 0000000..bf55548
--- /dev/null
+++ b/man/man8/dnsblog.8
@@ -0,0 +1,108 @@
+.TH DNSBLOG 8
+.ad
+.fi
+.SH NAME
+dnsblog
+\-
+Postfix DNS allow/denylist logger
+.SH "SYNOPSIS"
+.na
+.nf
+\fBdnsblog\fR [generic Postfix daemon options]
+.SH DESCRIPTION
+.ad
+.fi
+The \fBdnsblog\fR(8) server implements an ad\-hoc DNS
+allow/denylist lookup service. This may eventually be
+replaced by an UDP client that is built directly into the
+\fBpostscreen\fR(8) server.
+.SH "PROTOCOL"
+.na
+.nf
+.ad
+.fi
+With each connection, the \fBdnsblog\fR(8) server receives
+a DNS allow/denylist domain name, an IP address, and an ID.
+If the IP address is listed under the DNS allow/denylist, the
+\fBdnsblog\fR(8) server logs the match and replies with the
+query arguments plus an address list with the resulting IP
+addresses, separated by whitespace, and the reply TTL.
+Otherwise it replies with the query arguments plus an empty
+address list and the reply TTL; the reply TTL is \-1 if there
+is no reply, or a negative reply that contains no SOA record.
+Finally, the \fBdnsblog\fR(8) server closes the connection.
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+Changes to \fBmain.cf\fR are picked up automatically, as
+\fBdnsblog\fR(8) processes run for only a limited amount
+of time. Use the command "\fBpostfix reload\fR" to speed
+up a change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdaemon_timeout (18000s)\fR"
+How much time a Postfix daemon process may take to handle a
+request before it is terminated by a built\-in watchdog timer.
+.IP "\fBpostscreen_dnsbl_sites (empty)\fR"
+Optional list of DNS allow/denylist domains, filters and weight
+factors.
+.IP "\fBipc_timeout (3600s)\fR"
+The time limit for sending or receiving information over an internal
+communication channel.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix 3.3 and later:
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.SH "SEE ALSO"
+.na
+.nf
+smtpd(8), Postfix SMTP server
+postconf(5), configuration parameters
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+.ad
+.fi
+This service was introduced with Postfix version 2.8.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man8/error.8 b/man/man8/error.8
new file mode 100644
index 0000000..f0dae3b
--- /dev/null
+++ b/man/man8/error.8
@@ -0,0 +1,136 @@
+.TH ERROR 8
+.ad
+.fi
+.SH NAME
+error
+\-
+Postfix error/retry mail delivery agent
+.SH "SYNOPSIS"
+.na
+.nf
+\fBerror\fR [generic Postfix daemon options]
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix \fBerror\fR(8) delivery agent processes delivery
+requests from
+the queue manager. Each request specifies a queue file, a sender
+address, the reason for non\-delivery (specified as the
+next\-hop destination), and recipient information.
+The reason may be prefixed with an RFC 3463\-compatible detail code;
+if none is specified a default 4.0.0 or 5.0.0 code is used instead.
+This program expects to be run from the \fBmaster\fR(8) process
+manager.
+
+Depending on the service name in master.cf, \fBerror\fR
+or \fBretry\fR, the server bounces or defers all recipients
+in the delivery request using the "next\-hop" information
+as the reason for non\-delivery. The \fBretry\fR service name is
+supported as of Postfix 2.4.
+
+Delivery status reports are sent to the \fBbounce\fR(8),
+\fBdefer\fR(8) or \fBtrace\fR(8) daemon as appropriate.
+.SH "SECURITY"
+.na
+.nf
+.ad
+.fi
+The \fBerror\fR(8) mailer is not security\-sensitive. It does not talk
+to the network, and can be run chrooted at fixed low privilege.
+.SH "STANDARDS"
+.na
+.nf
+RFC 3463 (Enhanced Status Codes)
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
+
+Depending on the setting of the \fBnotify_classes\fR parameter,
+the postmaster is notified of bounces and of other trouble.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+Changes to \fBmain.cf\fR are picked up automatically as \fBerror\fR(8)
+processes run for only a limited amount of time. Use the command
+"\fBpostfix reload\fR" to speed up a change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.IP "\fB2bounce_notice_recipient (postmaster)\fR"
+The recipient of undeliverable mail that cannot be returned to
+the sender.
+.IP "\fBbounce_notice_recipient (postmaster)\fR"
+The recipient of postmaster notifications with the message headers
+of mail that Postfix did not deliver and of SMTP conversation
+transcripts of mail that Postfix did not receive.
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdaemon_timeout (18000s)\fR"
+How much time a Postfix daemon process may take to handle a
+request before it is terminated by a built\-in watchdog timer.
+.IP "\fBdelay_logging_resolution_limit (2)\fR"
+The maximal number of digits after the decimal point when logging
+sub\-second delay values.
+.IP "\fBdouble_bounce_sender (double\-bounce)\fR"
+The sender address of postmaster notifications that are generated
+by the mail system.
+.IP "\fBipc_timeout (3600s)\fR"
+The time limit for sending or receiving information over an internal
+communication channel.
+.IP "\fBmax_idle (100s)\fR"
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
+.IP "\fBmax_use (100)\fR"
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
+.IP "\fBnotify_classes (resource, software)\fR"
+The list of error classes that are reported to the postmaster.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix 3.3 and later:
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.SH "SEE ALSO"
+.na
+.nf
+qmgr(8), queue manager
+bounce(8), delivery status reports
+discard(8), Postfix discard delivery agent
+postconf(5), configuration parameters
+master(5), generic daemon options
+master(8), process manager
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man8/flush.8 b/man/man8/flush.8
new file mode 100644
index 0000000..b1fdf05
--- /dev/null
+++ b/man/man8/flush.8
@@ -0,0 +1,183 @@
+.TH FLUSH 8
+.ad
+.fi
+.SH NAME
+flush
+\-
+Postfix fast flush server
+.SH "SYNOPSIS"
+.na
+.nf
+\fBflush\fR [generic Postfix daemon options]
+.SH DESCRIPTION
+.ad
+.fi
+The \fBflush\fR(8) server maintains a record of deferred
+mail by destination.
+This information is used to improve the performance of the SMTP
+\fBETRN\fR request, and of its command\-line equivalent,
+"\fBsendmail \-qR\fR" or "\fBpostqueue \-f\fR".
+This program expects to be run from the \fBmaster\fR(8) process
+manager.
+
+The record is implemented as a per\-destination logfile with
+as contents the queue IDs of deferred mail. A logfile is
+append\-only, and is truncated when delivery is requested
+for the corresponding destination. A destination is the
+part on the right\-hand side of the right\-most \fB@\fR in
+an email address.
+
+Per\-destination logfiles of deferred mail are maintained only for
+eligible destinations. The list of eligible destinations is
+specified with the \fBfast_flush_domains\fR configuration parameter,
+which defaults to \fB$relay_domains\fR.
+
+This server implements the following requests:
+.IP "\fBadd\fI sitename queueid\fR"
+Inform the \fBflush\fR(8) server that the message with the specified
+queue ID is queued for the specified destination.
+.IP "\fBsend_site\fI sitename\fR"
+Request delivery of mail that is queued for the specified
+destination.
+.IP "\fBsend_file\fI queueid\fR"
+Request delivery of the specified deferred message.
+.IP \fBrefresh\fR
+Refresh non\-empty per\-destination logfiles that were not read in
+\fB$fast_flush_refresh_time\fR hours, by simulating
+send requests (see above) for the corresponding destinations.
+.sp
+Delete empty per\-destination logfiles that were not updated in
+\fB$fast_flush_purge_time\fR days.
+.sp
+This request completes in the background.
+.IP \fBpurge\fR
+Do a \fBrefresh\fR for all per\-destination logfiles.
+.SH "SECURITY"
+.na
+.nf
+.ad
+.fi
+The \fBflush\fR(8) server is not security\-sensitive. It does not
+talk to the network, and it does not talk to local users.
+The fast flush server can run chrooted at fixed low privilege.
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
+.SH BUGS
+.ad
+.fi
+Fast flush logfiles are truncated only after a "send"
+request, not when mail is actually delivered, and therefore can
+accumulate outdated or redundant data. In order to maintain sanity,
+"refresh" must be executed periodically. This can
+be automated with a suitable wakeup timer setting in the
+\fBmaster.cf\fR configuration file.
+
+Upon receipt of a request to deliver mail for an eligible
+destination, the \fBflush\fR(8) server requests delivery of all messages
+that are listed in that destination's logfile, regardless of the
+recipients of those messages. This is not an issue for mail
+that is sent to a \fBrelay_domains\fR destination because
+such mail typically only has recipients in one domain.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+Changes to \fBmain.cf\fR are picked up automatically as \fBflush\fR(8)
+processes run for only a limited amount of time. Use the command
+"\fBpostfix reload\fR" to speed up a change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdaemon_timeout (18000s)\fR"
+How much time a Postfix daemon process may take to handle a
+request before it is terminated by a built\-in watchdog timer.
+.IP "\fBfast_flush_domains ($relay_domains)\fR"
+Optional list of destinations that are eligible for per\-destination
+logfiles with mail that is queued to those destinations.
+.IP "\fBfast_flush_refresh_time (12h)\fR"
+The time after which a non\-empty but unread per\-destination "fast
+flush" logfile needs to be refreshed.
+.IP "\fBfast_flush_purge_time (7d)\fR"
+The time after which an empty per\-destination "fast flush" logfile
+is deleted.
+.IP "\fBipc_timeout (3600s)\fR"
+The time limit for sending or receiving information over an internal
+communication channel.
+.IP "\fBmax_idle (100s)\fR"
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
+.IP "\fBmax_use (100)\fR"
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
+.IP "\fBparent_domain_matches_subdomains (see 'postconf -d' output)\fR"
+A list of Postfix features where the pattern "example.com" also
+matches subdomains of example.com,
+instead of requiring an explicit ".example.com" pattern.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix 3.3 and later:
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.SH "FILES"
+.na
+.nf
+/var/spool/postfix/flush, "fast flush" logfiles.
+.SH "SEE ALSO"
+.na
+.nf
+smtpd(8), SMTP server
+qmgr(8), queue manager
+postconf(5), configuration parameters
+master(5), generic daemon options
+master(8), process manager
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+ETRN_README, Postfix ETRN howto
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+This service was introduced with Postfix version 1.0.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man8/lmtp.8 b/man/man8/lmtp.8
new file mode 100644
index 0000000..966d301
--- /dev/null
+++ b/man/man8/lmtp.8
@@ -0,0 +1 @@
+.so man8/smtp.8
diff --git a/man/man8/local.8 b/man/man8/local.8
new file mode 100644
index 0000000..ca9c6c8
--- /dev/null
+++ b/man/man8/local.8
@@ -0,0 +1,668 @@
+.TH LOCAL 8
+.ad
+.fi
+.SH NAME
+local
+\-
+Postfix local mail delivery
+.SH "SYNOPSIS"
+.na
+.nf
+\fBlocal\fR [generic Postfix daemon options]
+.SH DESCRIPTION
+.ad
+.fi
+The \fBlocal\fR(8) daemon processes delivery requests from the
+Postfix queue manager to deliver mail to local recipients.
+Each delivery request specifies a queue file, a sender address,
+a domain or host to deliver to, and one or more recipients.
+This program expects to be run from the \fBmaster\fR(8) process
+manager.
+
+The \fBlocal\fR(8) daemon updates queue files and marks recipients
+as finished, or it informs the queue manager that delivery should
+be tried again at a later time. Delivery status reports are sent
+to the \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemon as
+appropriate.
+.SH "CASE FOLDING"
+.na
+.nf
+.ad
+.fi
+All delivery decisions are made using the bare recipient
+name (i.e. the address localpart), folded to lower case.
+See also under ADDRESS EXTENSION below for a few exceptions.
+.SH "SYSTEM-WIDE AND USER-LEVEL ALIASING"
+.na
+.nf
+.ad
+.fi
+The system administrator can set up one or more system\-wide
+\fBsendmail\fR\-style alias databases.
+Users can have \fBsendmail\fR\-style ~/.\fBforward\fR files.
+Mail for \fIname\fR is delivered to the alias \fIname\fR, to
+destinations in ~\fIname\fR/.\fBforward\fR, to the mailbox owned
+by the user \fIname\fR, or it is sent back as undeliverable.
+
+The system administrator can specify a comma/space separated list
+of ~\fR/.\fBforward\fR like files through the \fBforward_path\fR
+configuration parameter. Upon delivery, the local delivery agent
+tries each pathname in the list until a file is found.
+
+Delivery via ~/.\fBforward\fR files is done with the privileges
+of the recipient.
+Thus, ~/.\fBforward\fR like files must be readable by the
+recipient, and their parent directory needs to have "execute"
+permission for the recipient.
+
+The \fBforward_path\fR parameter is subject to interpolation of
+\fB$user\fR (recipient username), \fB$home\fR (recipient home
+directory), \fB$shell\fR (recipient shell), \fB$recipient\fR
+(complete recipient address), \fB$extension\fR (recipient address
+extension), \fB$domain\fR (recipient domain), \fB$local\fR
+(entire recipient address localpart) and
+\fB$recipient_delimiter.\fR The forms \fI${name?value}\fR
+and \fI${name?{value}}\fR (Postfix 3.0 and later) expand
+conditionally to \fIvalue\fR when \fI$name\fR is defined,
+and the forms \fI${name:value}\fR \fI${name:{value}}\fR
+(Postfix 3.0 and later) expand conditionally to \fIvalue\fR
+when \fI$name\fR is not defined. The form
+\fI${name?{value1}:{value2}}\fR (Postfix 3.0 and later)
+expands conditionally to \fIvalue1\fR when \fI$name\fR is
+defined, or \fIvalue2\fR otherwise. Characters that may
+have special meaning to the shell or file system are replaced
+with underscores. The list of acceptable characters is
+specified with the \fBforward_expansion_filter\fR configuration
+parameter.
+
+An alias or ~/.\fBforward\fR file may list any combination of external
+commands, destination file names, \fB:include:\fR directives, or
+mail addresses.
+See \fBaliases\fR(5) for a precise description. Each line in a
+user's .\fBforward\fR file has the same syntax as the right\-hand part
+of an alias.
+
+When an address is found in its own alias expansion, delivery is
+made to the user instead. When a user is listed in the user's own
+~/.\fBforward\fR file, delivery is made to the user's mailbox instead.
+An empty ~/.\fBforward\fR file means do not forward mail.
+
+In order to prevent the mail system from using up unreasonable
+amounts of memory, input records read from \fB:include:\fR or from
+~/.\fBforward\fR files are broken up into chunks of length
+\fBline_length_limit\fR.
+
+While expanding aliases, ~/.\fBforward\fR files, and so on, the
+program attempts to avoid duplicate deliveries. The
+\fBduplicate_filter_limit\fR configuration parameter limits the
+number of remembered recipients.
+.SH "MAIL FORWARDING"
+.na
+.nf
+.ad
+.fi
+For the sake of reliability, forwarded mail is re\-submitted as
+a new message, so that each recipient has a separate on\-file
+delivery status record.
+
+In order to stop mail forwarding loops early, the software adds an
+optional
+\fBDelivered\-To:\fR header with the final envelope recipient address. If
+mail arrives for a recipient that is already listed in a
+\fBDelivered\-To:\fR header, the message is bounced.
+.SH "MAILBOX DELIVERY"
+.na
+.nf
+.ad
+.fi
+The default per\-user mailbox is a file in the UNIX mail spool
+directory (\fB/var/mail/\fIuser\fR or \fB/var/spool/mail/\fIuser\fR);
+the location can be specified with the \fBmail_spool_directory\fR
+configuration parameter. Specify a name ending in \fB/\fR for
+\fBqmail\fR\-compatible \fBmaildir\fR delivery.
+
+Alternatively, the per\-user mailbox can be a file in the user's home
+directory with a name specified via the \fBhome_mailbox\fR
+configuration parameter. Specify a relative path name. Specify a name
+ending in \fB/\fR for \fBqmail\fR\-compatible \fBmaildir\fR delivery.
+
+Mailbox delivery can be delegated to an external command specified
+with the \fBmailbox_command_maps\fR and \fBmailbox_command\fR
+configuration parameters. The command
+executes with the privileges of the recipient user (exceptions:
+secondary groups are not enabled; in case of delivery as root,
+the command executes with the privileges of \fBdefault_privs\fR).
+
+Mailbox delivery can be delegated to alternative message transports
+specified in the \fBmaster.cf\fR file.
+The \fBmailbox_transport_maps\fR and \fBmailbox_transport\fR
+configuration parameters specify an optional
+message transport that is to be used for all local recipients,
+regardless of whether they are found in the UNIX passwd database.
+The \fBfallback_transport_maps\fR and
+\fBfallback_transport\fR parameters specify an optional
+message transport
+for recipients that are not found in the aliases(5) or UNIX
+passwd database.
+
+In the case of UNIX\-style mailbox delivery,
+the \fBlocal\fR(8) daemon prepends a "\fBFrom \fIsender time_stamp\fR"
+envelope header to each message, prepends an
+\fBX\-Original\-To:\fR header with the recipient address as given to
+Postfix, prepends an
+optional \fBDelivered\-To:\fR header
+with the final envelope recipient address, prepends a \fBReturn\-Path:\fR
+header with the envelope sender address, prepends a \fB>\fR character
+to lines beginning with "\fBFrom \fR", and appends an empty line.
+The mailbox is locked for exclusive access while delivery is in
+progress. In case of problems, an attempt is made to truncate the
+mailbox to its original length.
+
+In the case of \fBmaildir\fR delivery, the local daemon prepends
+an optional
+\fBDelivered\-To:\fR header with the final envelope recipient address,
+prepends an
+\fBX\-Original\-To:\fR header with the recipient address as given to
+Postfix,
+and prepends a \fBReturn\-Path:\fR header with the envelope sender
+address.
+.SH "EXTERNAL COMMAND DELIVERY"
+.na
+.nf
+.ad
+.fi
+The \fBallow_mail_to_commands\fR configuration parameter restricts
+delivery to external commands. The default setting (\fBalias,
+forward\fR) forbids command destinations in \fB:include:\fR files.
+
+Optionally, the process working directory is changed to the path
+specified with \fBcommand_execution_directory\fR (Postfix 2.2 and
+later). Failure to change directory causes mail to be deferred.
+
+The \fBcommand_execution_directory\fR parameter value is subject
+to interpolation of \fB$user\fR (recipient username),
+\fB$home\fR (recipient home directory), \fB$shell\fR
+(recipient shell), \fB$recipient\fR (complete recipient
+address), \fB$extension\fR (recipient address extension),
+\fB$domain\fR (recipient domain), \fB$local\fR (entire
+recipient address localpart) and \fB$recipient_delimiter.\fR
+The forms \fI${name?value}\fR and \fI${name?{value}}\fR
+(Postfix 3.0 and later) expand conditionally to \fIvalue\fR
+when \fI$name\fR is defined, and the forms \fI${name:value}\fR
+and \fI${name:{value}}\fR (Postfix 3.0 and later) expand
+conditionally to \fIvalue\fR when \fI$name\fR is not defined.
+The form \fI${name?{value1}:{value2}}\fR (Postfix 3.0 and
+later) expands conditionally to \fIvalue1\fR when \fI$name\fR
+is defined, or \fIvalue2\fR otherwise. Characters that may
+have special meaning to the shell or file system are replaced
+with underscores. The list of acceptable characters
+is specified with the \fBexecution_directory_expansion_filter\fR
+configuration parameter.
+
+The command is executed directly where possible. Assistance by the
+shell (\fB/bin/sh\fR on UNIX systems) is used only when the command
+contains shell magic characters, or when the command invokes a shell
+built\-in command.
+
+A limited amount of command output (standard output and standard
+error) is captured for inclusion with non\-delivery status reports.
+A command is forcibly terminated if it does not complete within
+\fBcommand_time_limit\fR seconds. Command exit status codes are
+expected to follow the conventions defined in <\fBsysexits.h\fR>.
+Exit status 0 means normal successful completion.
+
+Postfix version 2.3 and later support RFC 3463\-style enhanced
+status codes. If a command terminates with a non\-zero exit
+status, and the command output begins with an enhanced
+status code, this status code takes precedence over the
+non\-zero exit status.
+
+A limited amount of message context is exported via environment
+variables. Characters that may have special meaning to the shell
+are replaced with underscores. The list of acceptable characters
+is specified with the \fBcommand_expansion_filter\fR configuration
+parameter.
+.IP \fBSHELL\fR
+The recipient user's login shell.
+.IP \fBHOME\fR
+The recipient user's home directory.
+.IP \fBUSER\fR
+The bare recipient name.
+.IP \fBEXTENSION\fR
+The optional recipient address extension.
+.IP \fBDOMAIN\fR
+The recipient address domain part.
+.IP \fBLOGNAME\fR
+The bare recipient name.
+.IP \fBLOCAL\fR
+The entire recipient address localpart (text to the left of the
+rightmost @ character).
+.IP \fBORIGINAL_RECIPIENT\fR
+The entire recipient address, before any address rewriting
+or aliasing (Postfix 2.5 and later).
+.IP \fBRECIPIENT\fR
+The entire recipient address.
+.IP \fBSENDER\fR
+The entire sender address.
+.PP
+Additional remote client information is made available via
+the following environment variables:
+.IP \fBCLIENT_ADDRESS\fR
+Remote client network address. Available as of Postfix 2.2.
+.IP \fBCLIENT_HELO\fR
+Remote client EHLO command parameter. Available as of Postfix 2.2.
+.IP \fBCLIENT_HOSTNAME\fR
+Remote client hostname. Available as of Postfix 2.2.
+.IP \fBCLIENT_PROTOCOL\fR
+Remote client protocol. Available as of Postfix 2.2.
+.IP \fBSASL_METHOD\fR
+SASL authentication method specified in the
+remote client AUTH command. Available as of Postfix 2.2.
+.IP \fBSASL_SENDER\fR
+SASL sender address specified in the remote client MAIL
+FROM command. Available as of Postfix 2.2.
+.IP \fBSASL_USERNAME\fR
+SASL username specified in the remote client AUTH command.
+Available as of Postfix 2.2.
+.PP
+The \fBPATH\fR environment variable is always reset to a
+system\-dependent default path, and environment variables
+whose names are blessed by the \fBexport_environment\fR
+configuration parameter are exported unchanged.
+
+The current working directory is the mail queue directory.
+
+The \fBlocal\fR(8) daemon prepends a "\fBFrom \fIsender time_stamp\fR"
+envelope header to each message, prepends an
+\fBX\-Original\-To:\fR header with the recipient address as given to
+Postfix, prepends an
+optional \fBDelivered\-To:\fR
+header with the final recipient envelope address, prepends a
+\fBReturn\-Path:\fR header with the sender envelope address,
+and appends no empty line.
+.SH "EXTERNAL FILE DELIVERY"
+.na
+.nf
+.ad
+.fi
+The delivery format depends on the destination filename syntax.
+The default is to use UNIX\-style mailbox format. Specify a name
+ending in \fB/\fR for \fBqmail\fR\-compatible \fBmaildir\fR delivery.
+
+The \fBallow_mail_to_files\fR configuration parameter restricts
+delivery to external files. The default setting (\fBalias,
+forward\fR) forbids file destinations in \fB:include:\fR files.
+
+In the case of UNIX\-style mailbox delivery,
+the \fBlocal\fR(8) daemon prepends a "\fBFrom \fIsender time_stamp\fR"
+envelope header to each message, prepends an
+\fBX\-Original\-To:\fR header with the recipient address as given to
+Postfix, prepends an
+optional \fBDelivered\-To:\fR
+header with the final recipient envelope address, prepends a \fB>\fR
+character to lines beginning with "\fBFrom \fR", and appends an
+empty line.
+The envelope sender address is available in the \fBReturn\-Path:\fR
+header.
+When the destination is a regular file, it is locked for exclusive
+access while delivery is in progress. In case of problems, an attempt
+is made to truncate a regular file to its original length.
+
+In the case of \fBmaildir\fR delivery, the local daemon prepends
+an optional
+\fBDelivered\-To:\fR header with the final envelope recipient address,
+and prepends an
+\fBX\-Original\-To:\fR header with the recipient address as given to
+Postfix.
+The envelope sender address is available in the \fBReturn\-Path:\fR
+header.
+.SH "ADDRESS EXTENSION"
+.na
+.nf
+.ad
+.fi
+The optional \fBrecipient_delimiter\fR configuration parameter
+specifies how to separate address extensions from local recipient
+names.
+
+For example, with "\fBrecipient_delimiter = +\fR", mail for
+\fIname\fR+\fIfoo\fR is delivered to the alias \fIname\fR+\fIfoo\fR
+or to the alias \fIname\fR, to the destinations listed in
+~\fIname\fR/.\fBforward\fR+\fIfoo\fR or in ~\fIname\fR/.\fBforward\fR,
+to the mailbox owned by the user \fIname\fR, or it is sent back as
+undeliverable.
+.SH "DELIVERY RIGHTS"
+.na
+.nf
+.ad
+.fi
+Deliveries to external files and external commands are made with
+the rights of the receiving user on whose behalf the delivery is made.
+In the absence of a user context, the \fBlocal\fR(8) daemon uses the
+owner rights of the \fB:include:\fR file or alias database.
+When those files are owned by the superuser, delivery is made with
+the rights specified with the \fBdefault_privs\fR configuration
+parameter.
+.SH "STANDARDS"
+.na
+.nf
+RFC 822 (ARPA Internet Text Messages)
+RFC 3463 (Enhanced status codes)
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
+Corrupted message files are marked so that the queue
+manager can move them to the \fBcorrupt\fR queue afterwards.
+
+Depending on the setting of the \fBnotify_classes\fR parameter,
+the postmaster is notified of bounces and of other trouble.
+.SH "SECURITY"
+.na
+.nf
+.ad
+.fi
+The \fBlocal\fR(8) delivery agent needs a dual personality
+1) to access the private Postfix queue and IPC mechanisms,
+2) to impersonate the recipient and deliver to recipient\-specified
+files or commands. It is therefore security sensitive.
+
+The \fBlocal\fR(8) delivery agent disallows regular expression
+substitution of $1 etc. in \fBalias_maps\fR, because that
+would open a security hole.
+
+The \fBlocal\fR(8) delivery agent will silently ignore
+requests to use the \fBproxymap\fR(8) server within
+\fBalias_maps\fR. Instead it will open the table directly.
+Before Postfix version 2.2, the \fBlocal\fR(8) delivery
+agent will terminate with a fatal error.
+.SH BUGS
+.ad
+.fi
+For security reasons, the message delivery status of external commands
+or of external files is never checkpointed to file. As a result,
+the program may occasionally deliver more than once to a command or
+external file. Better safe than sorry.
+
+Mutually\-recursive aliases or ~/.\fBforward\fR files are not detected
+early. The resulting mail forwarding loop is broken by the use of the
+\fBDelivered\-To:\fR message header.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+Changes to \fBmain.cf\fR are picked up automatically, as \fBlocal\fR(8)
+processes run for only a limited amount of time. Use the command
+"\fBpostfix reload\fR" to speed up a change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.SH "COMPATIBILITY CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBbiff (yes)\fR"
+Whether or not to use the local biff service.
+.IP "\fBexpand_owner_alias (no)\fR"
+When delivering to an alias "\fIaliasname\fR" that has an
+"owner\-\fIaliasname\fR" companion alias, set the envelope sender
+address to the expansion of the "owner\-\fIaliasname\fR" alias.
+.IP "\fBowner_request_special (yes)\fR"
+Enable special treatment for owner\-\fIlistname\fR entries in the
+\fBaliases\fR(5) file, and don't split owner\-\fIlistname\fR and
+\fIlistname\fR\-request address localparts when the recipient_delimiter
+is set to "\-".
+.IP "\fBsun_mailtool_compatibility (no)\fR"
+Obsolete SUN mailtool compatibility feature.
+.PP
+Available in Postfix version 2.3 and later:
+.IP "\fBfrozen_delivered_to (yes)\fR"
+Update the \fBlocal\fR(8) delivery agent's idea of the Delivered\-To:
+address (see prepend_delivered_header) only once, at the start of
+a delivery attempt; do not update the Delivered\-To: address while
+expanding aliases or .forward files.
+.PP
+Available in Postfix version 2.5.3 and later:
+.IP "\fBstrict_mailbox_ownership (yes)\fR"
+Defer delivery when a mailbox file is not owned by its recipient.
+.IP "\fBreset_owner_alias (no)\fR"
+Reset the \fBlocal\fR(8) delivery agent's idea of the owner\-alias
+attribute, when delivering mail to a child alias that does not have
+its own owner alias.
+.PP
+Available in Postfix version 3.0 and later:
+.IP "\fBlocal_delivery_status_filter ($default_delivery_status_filter)\fR"
+Optional filter for the \fBlocal\fR(8) delivery agent to change the
+status code or explanatory text of successful or unsuccessful
+deliveries.
+.SH "DELIVERY METHOD CONTROLS"
+.na
+.nf
+.ad
+.fi
+The precedence of \fBlocal\fR(8) delivery methods from high to low is:
+aliases, .forward files, mailbox_transport_maps,
+mailbox_transport, mailbox_command_maps, mailbox_command,
+home_mailbox, mail_spool_directory, fallback_transport_maps,
+fallback_transport, and luser_relay.
+.IP "\fBalias_maps (see 'postconf -d' output)\fR"
+The alias databases that are used for \fBlocal\fR(8) delivery.
+.IP "\fBforward_path (see 'postconf -d' output)\fR"
+The \fBlocal\fR(8) delivery agent search list for finding a .forward
+file with user\-specified delivery methods.
+.IP "\fBmailbox_transport_maps (empty)\fR"
+Optional lookup tables with per\-recipient message delivery
+transports to use for \fBlocal\fR(8) mailbox delivery, whether or not the
+recipients are found in the UNIX passwd database.
+.IP "\fBmailbox_transport (empty)\fR"
+Optional message delivery transport that the \fBlocal\fR(8) delivery
+agent should use for mailbox delivery to all local recipients,
+whether or not they are found in the UNIX passwd database.
+.IP "\fBmailbox_command_maps (empty)\fR"
+Optional lookup tables with per\-recipient external commands to use
+for \fBlocal\fR(8) mailbox delivery.
+.IP "\fBmailbox_command (empty)\fR"
+Optional external command that the \fBlocal\fR(8) delivery agent should
+use for mailbox delivery.
+.IP "\fBhome_mailbox (empty)\fR"
+Optional pathname of a mailbox file relative to a \fBlocal\fR(8) user's
+home directory.
+.IP "\fBmail_spool_directory (see 'postconf -d' output)\fR"
+The directory where \fBlocal\fR(8) UNIX\-style mailboxes are kept.
+.IP "\fBfallback_transport_maps (empty)\fR"
+Optional lookup tables with per\-recipient message delivery
+transports for recipients that the \fBlocal\fR(8) delivery agent could
+not find in the \fBaliases\fR(5) or UNIX password database.
+.IP "\fBfallback_transport (empty)\fR"
+Optional message delivery transport that the \fBlocal\fR(8) delivery
+agent should use for names that are not found in the \fBaliases\fR(5)
+or UNIX password database.
+.IP "\fBluser_relay (empty)\fR"
+Optional catch\-all destination for unknown \fBlocal\fR(8) recipients.
+.PP
+Available in Postfix version 2.2 and later:
+.IP "\fBcommand_execution_directory (empty)\fR"
+The \fBlocal\fR(8) delivery agent working directory for delivery to
+external commands.
+.SH "MAILBOX LOCKING CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBdeliver_lock_attempts (20)\fR"
+The maximal number of attempts to acquire an exclusive lock on a
+mailbox file or \fBbounce\fR(8) logfile.
+.IP "\fBdeliver_lock_delay (1s)\fR"
+The time between attempts to acquire an exclusive lock on a mailbox
+file or \fBbounce\fR(8) logfile.
+.IP "\fBstale_lock_time (500s)\fR"
+The time after which a stale exclusive mailbox lockfile is removed.
+.IP "\fBmailbox_delivery_lock (see 'postconf -d' output)\fR"
+How to lock a UNIX\-style \fBlocal\fR(8) mailbox before attempting delivery.
+.SH "RESOURCE AND RATE CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBcommand_time_limit (1000s)\fR"
+Time limit for delivery to external commands.
+.IP "\fBduplicate_filter_limit (1000)\fR"
+The maximal number of addresses remembered by the address
+duplicate filter for \fBaliases\fR(5) or \fBvirtual\fR(5) alias expansion, or
+for \fBshowq\fR(8) queue displays.
+.IP "\fBmailbox_size_limit (51200000)\fR"
+The maximal size of any \fBlocal\fR(8) individual mailbox or maildir
+file, or zero (no limit).
+.PP
+Implemented in the qmgr(8) daemon:
+.IP "\fBlocal_destination_concurrency_limit (2)\fR"
+The maximal number of parallel deliveries via the local mail
+delivery transport to the same recipient (when
+"local_destination_recipient_limit = 1") or the maximal number of
+parallel deliveries to the same local domain (when
+"local_destination_recipient_limit > 1").
+.IP "\fBlocal_destination_recipient_limit (1)\fR"
+The maximal number of recipients per message delivery via the
+local mail delivery transport.
+.SH "SECURITY CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBallow_mail_to_commands (alias, forward)\fR"
+Restrict \fBlocal\fR(8) mail delivery to external commands.
+.IP "\fBallow_mail_to_files (alias, forward)\fR"
+Restrict \fBlocal\fR(8) mail delivery to external files.
+.IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR"
+Restrict the characters that the \fBlocal\fR(8) delivery agent allows in
+$name expansions of $mailbox_command and $command_execution_directory.
+.IP "\fBdefault_privs (nobody)\fR"
+The default rights used by the \fBlocal\fR(8) delivery agent for delivery
+to an external file or command.
+.IP "\fBforward_expansion_filter (see 'postconf -d' output)\fR"
+Restrict the characters that the \fBlocal\fR(8) delivery agent allows in
+$name expansions of $forward_path.
+.PP
+Available in Postfix version 2.2 and later:
+.IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR"
+Restrict the characters that the \fBlocal\fR(8) delivery agent allows
+in $name expansions of $command_execution_directory.
+.PP
+Available in Postfix version 2.5.3 and later:
+.IP "\fBstrict_mailbox_ownership (yes)\fR"
+Defer delivery when a mailbox file is not owned by its recipient.
+.SH "MISCELLANEOUS CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdaemon_timeout (18000s)\fR"
+How much time a Postfix daemon process may take to handle a
+request before it is terminated by a built\-in watchdog timer.
+.IP "\fBdelay_logging_resolution_limit (2)\fR"
+The maximal number of digits after the decimal point when logging
+sub\-second delay values.
+.IP "\fBexport_environment (see 'postconf -d' output)\fR"
+The list of environment variables that a Postfix process will export
+to non\-Postfix processes.
+.IP "\fBipc_timeout (3600s)\fR"
+The time limit for sending or receiving information over an internal
+communication channel.
+.IP "\fBlocal_command_shell (empty)\fR"
+Optional shell program for \fBlocal\fR(8) delivery to non\-Postfix commands.
+.IP "\fBmax_idle (100s)\fR"
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
+.IP "\fBmax_use (100)\fR"
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
+.IP "\fBprepend_delivered_header (command, file, forward)\fR"
+The message delivery contexts where the Postfix \fBlocal\fR(8) delivery
+agent prepends a Delivered\-To: message header with the address
+that the mail was delivered to.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR"
+What address lookup tables copy an address extension from the lookup
+key to the lookup result.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.IP "\fBrecipient_delimiter (empty)\fR"
+The set of characters that can separate an email address
+localpart, user name, or a .forward file name from its extension.
+.IP "\fBrequire_home_directory (no)\fR"
+Require that a \fBlocal\fR(8) recipient's home directory exists
+before mail delivery is attempted.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix version 3.3 and later:
+.IP "\fBenable_original_recipient (yes)\fR"
+Enable support for the original recipient address after an
+address is rewritten to a different address (for example with
+aliasing or with canonical mapping).
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.PP
+Available in Postfix 3.5 and later:
+.IP "\fBinfo_log_address_format (external)\fR"
+The email address form that will be used in non\-debug logging
+(info, warning, etc.).
+.SH "FILES"
+.na
+.nf
+The following are examples; details differ between systems.
+$HOME/.forward, per\-user aliasing
+/etc/aliases, system\-wide alias database
+/var/spool/mail, system mailboxes
+.SH "SEE ALSO"
+.na
+.nf
+qmgr(8), queue manager
+bounce(8), delivery status reports
+newaliases(1), create/update alias database
+postalias(1), create/update alias database
+aliases(5), format of alias database
+postconf(5), configuration parameters
+master(5), generic daemon options
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+.ad
+.fi
+The \fBDelivered\-To:\fR message header appears in the \fBqmail\fR
+system by Daniel Bernstein.
+
+The \fImaildir\fR structure appears in the \fBqmail\fR system
+by Daniel Bernstein.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man8/master.8 b/man/man8/master.8
new file mode 100644
index 0000000..8c37de4
--- /dev/null
+++ b/man/man8/master.8
@@ -0,0 +1,225 @@
+.TH MASTER 8
+.ad
+.fi
+.SH NAME
+master
+\-
+Postfix master process
+.SH "SYNOPSIS"
+.na
+.nf
+\fBmaster\fR [\fB\-Dditvw\fR] [\fB\-c \fIconfig_dir\fR] [\fB\-e \fIexit_time\fR]
+.SH DESCRIPTION
+.ad
+.fi
+The \fBmaster\fR(8) daemon is the resident process that runs Postfix
+daemons on demand: daemons to send or receive messages via the
+network, daemons to deliver mail locally, etc. These daemons are
+created on demand up to a configurable maximum number per service.
+
+Postfix daemons terminate voluntarily, either after being idle for
+a configurable amount of time, or after having serviced a
+configurable number of requests. Exceptions to this rule are the
+resident queue manager, address verification server, and the TLS
+session cache and pseudo\-random number server.
+
+The behavior of the \fBmaster\fR(8) daemon is controlled by the
+\fBmaster.cf\fR configuration file, as described in \fBmaster\fR(5).
+
+Options:
+.IP "\fB\-c \fIconfig_dir\fR"
+Read the \fBmain.cf\fR and \fBmaster.cf\fR configuration files in
+the named directory instead of the default configuration directory.
+This also overrides the configuration files for other Postfix
+daemon processes.
+.IP \fB\-D\fR
+After initialization, run a debugger on the master process. The
+debugging command is specified with the \fBdebugger_command\fR in
+the \fBmain.cf\fR global configuration file.
+.IP \fB\-d\fR
+Do not redirect stdin, stdout or stderr to /dev/null, and
+do not discard the controlling terminal. This must be used
+for debugging only.
+.IP "\fB\-e \fIexit_time\fR"
+Terminate the master process after \fIexit_time\fR seconds. Child
+processes terminate at their convenience.
+.IP \fB\-i\fR
+Enable \fBinit\fR mode: do not become a session or process
+group leader; and similar to \fB\-s\fR, do not redirect stdout
+to /dev/null, so that "maillog_file = /dev/stdout" works.
+This mode is allowed only if the process ID equals 1.
+.sp
+This feature is available in Postfix 3.3 and later.
+.IP \fB\-s\fR
+Do not redirect stdout to /dev/null, so that "maillog_file
+= /dev/stdout" works.
+.sp
+This feature is available in Postfix 3.4 and later.
+.IP \fB\-t\fR
+Test mode. Return a zero exit status when the \fBmaster.pid\fR lock
+file does not exist or when that file is not locked. This is evidence
+that the \fBmaster\fR(8) daemon is not running.
+.IP \fB\-v\fR
+Enable verbose logging for debugging purposes. This option
+is passed on to child processes. Multiple \fB\-v\fR options
+make the software increasingly verbose.
+.IP \fB\-w\fR
+Wait in a dummy foreground process, while the real master
+daemon initializes in a background process. The dummy
+foreground process returns a zero exit status only if the
+master daemon initialization is successful, and if it
+completes in a reasonable amount of time.
+.sp
+This feature is available in Postfix 2.10 and later.
+.PP
+Signals:
+.IP \fBSIGHUP\fR
+Upon receipt of a \fBHUP\fR signal (e.g., after "\fBpostfix reload\fR"),
+the master process re\-reads its configuration files. If a service has
+been removed from the \fBmaster.cf\fR file, its running processes
+are terminated immediately.
+Otherwise, running processes are allowed to terminate as soon
+as is convenient, so that changes in configuration settings
+affect only new service requests.
+.IP \fBSIGTERM\fR
+Upon receipt of a \fBTERM\fR signal (e.g., after "\fBpostfix abort\fR"),
+the master process passes the signal on to its child processes and
+terminates.
+This is useful for an emergency shutdown. Normally one would
+terminate only the master ("\fBpostfix stop\fR") and allow running
+processes to finish what they are doing.
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems are reported to \fBsyslogd\fR(8) or \fBpostlogd\fR(8).
+The exit status
+is non\-zero in case of problems, including problems while
+initializing as a master daemon process in the background.
+.SH "ENVIRONMENT"
+.na
+.nf
+.ad
+.fi
+.IP \fBMAIL_DEBUG\fR
+After initialization, start a debugger as specified with the
+\fBdebugger_command\fR configuration parameter in the \fBmain.cf\fR
+configuration file.
+.IP \fBMAIL_CONFIG\fR
+Directory with Postfix configuration files.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+Unlike most Postfix daemon processes, the \fBmaster\fR(8) server does
+not automatically pick up changes to \fBmain.cf\fR. Changes
+to \fBmaster.cf\fR are never picked up automatically.
+Use the "\fBpostfix reload\fR" command after a configuration change.
+.SH "RESOURCE AND RATE CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBdefault_process_limit (100)\fR"
+The default maximal number of Postfix child processes that provide
+a given service.
+.IP "\fBmax_idle (100s)\fR"
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
+.IP "\fBmax_use (100)\fR"
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
+.IP "\fBservice_throttle_time (60s)\fR"
+How long the Postfix \fBmaster\fR(8) waits before forking a server that
+appears to be malfunctioning.
+.PP
+Available in Postfix version 2.6 and later:
+.IP "\fBmaster_service_disable (empty)\fR"
+Selectively disable \fBmaster\fR(8) listener ports by service type
+or by service name and type.
+.SH "MISCELLANEOUS CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdaemon_directory (see 'postconf -d' output)\fR"
+The directory with Postfix support programs and daemon programs.
+.IP "\fBdebugger_command (empty)\fR"
+The external command to execute when a Postfix daemon program is
+invoked with the \-D option.
+.IP "\fBinet_interfaces (all)\fR"
+The network interface addresses that this mail system receives
+mail on.
+.IP "\fBinet_protocols (see 'postconf -d output')\fR"
+The Internet protocols Postfix will attempt to use when making
+or accepting connections.
+.IP "\fBimport_environment (see 'postconf -d' output)\fR"
+The list of environment parameters that a privileged Postfix
+process will import from a non\-Postfix parent process, or name=value
+environment overrides.
+.IP "\fBmail_owner (postfix)\fR"
+The UNIX system account that owns the Postfix queue and most Postfix
+daemon processes.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix 3.3 and later:
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.PP
+Available in Postfix 3.6 and later:
+.IP "\fBknown_tcp_ports (lmtp=24, smtp=25, smtps=submissions=465, submission=587)\fR"
+Optional setting that avoids lookups in the \fBservices\fR(5) database.
+.SH "FILES"
+.na
+.nf
+.ad
+.fi
+To expand the directory names below into their actual values,
+use the command "\fBpostconf config_directory\fR" etc.
+.na
+.nf
+
+$config_directory/main.cf, global configuration file.
+$config_directory/master.cf, master server configuration file.
+$queue_directory/pid/master.pid, master lock file.
+$data_directory/master.lock, master lock file.
+.SH "SEE ALSO"
+.na
+.nf
+qmgr(8), queue manager
+verify(8), address verification
+master(5), master.cf configuration file syntax
+postconf(5), main.cf configuration file syntax
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man8/oqmgr.8 b/man/man8/oqmgr.8
new file mode 100644
index 0000000..61b4299
--- /dev/null
+++ b/man/man8/oqmgr.8
@@ -0,0 +1,425 @@
+.TH OQMGR 8
+.ad
+.fi
+.SH NAME
+oqmgr
+\-
+old Postfix queue manager
+.SH "SYNOPSIS"
+.na
+.nf
+\fBoqmgr\fR [generic Postfix daemon options]
+.SH DESCRIPTION
+.ad
+.fi
+The \fBoqmgr\fR(8) daemon awaits the arrival of incoming mail
+and arranges for its delivery via Postfix delivery processes.
+The actual mail routing strategy is delegated to the
+\fBtrivial\-rewrite\fR(8) daemon.
+This program expects to be run from the \fBmaster\fR(8) process
+manager.
+
+Mail addressed to the local \fBdouble\-bounce\fR address is
+logged and discarded. This stops potential loops caused by
+undeliverable bounce notifications.
+.SH "MAIL QUEUES"
+.na
+.nf
+.ad
+.fi
+The \fBoqmgr\fR(8) daemon maintains the following queues:
+.IP \fBincoming\fR
+Inbound mail from the network, or mail picked up by the
+local \fBpickup\fR(8) agent from the \fBmaildrop\fR directory.
+.IP \fBactive\fR
+Messages that the queue manager has opened for delivery. Only
+a limited number of messages is allowed to enter the \fBactive\fR
+queue (leaky bucket strategy, for a fixed delivery rate).
+.IP \fBdeferred\fR
+Mail that could not be delivered upon the first attempt. The queue
+manager implements exponential backoff by doubling the time between
+delivery attempts.
+.IP \fBcorrupt\fR
+Unreadable or damaged queue files are moved here for inspection.
+.IP \fBhold\fR
+Messages that are kept "on hold" are kept here until someone
+sets them free.
+.SH "DELIVERY STATUS REPORTS"
+.na
+.nf
+.ad
+.fi
+The \fBoqmgr\fR(8) daemon keeps an eye on per\-message delivery status
+reports in the following directories. Each status report file has
+the same name as the corresponding message file:
+.IP \fBbounce\fR
+Per\-recipient status information about why mail is bounced.
+These files are maintained by the \fBbounce\fR(8) daemon.
+.IP \fBdefer\fR
+Per\-recipient status information about why mail is delayed.
+These files are maintained by the \fBdefer\fR(8) daemon.
+.IP \fBtrace\fR
+Per\-recipient status information as requested with the
+Postfix "\fBsendmail \-v\fR" or "\fBsendmail \-bv\fR" command.
+These files are maintained by the \fBtrace\fR(8) daemon.
+.PP
+The \fBoqmgr\fR(8) daemon is responsible for asking the
+\fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemons to
+send delivery reports.
+.SH "STRATEGIES"
+.na
+.nf
+.ad
+.fi
+The queue manager implements a variety of strategies for
+either opening queue files (input) or for message delivery (output).
+.IP "\fBleaky bucket\fR"
+This strategy limits the number of messages in the \fBactive\fR queue
+and prevents the queue manager from running out of memory under
+heavy load.
+.IP \fBfairness\fR
+When the \fBactive\fR queue has room, the queue manager takes one
+message from the \fBincoming\fR queue and one from the \fBdeferred\fR
+queue. This prevents a large mail backlog from blocking the delivery
+of new mail.
+.IP "\fBslow start\fR"
+This strategy eliminates "thundering herd" problems by slowly
+adjusting the number of parallel deliveries to the same destination.
+.IP "\fBround robin\fR"
+The queue manager sorts delivery requests by destination.
+Round\-robin selection prevents one destination from dominating
+deliveries to other destinations.
+.IP "\fBexponential backoff\fR"
+Mail that cannot be delivered upon the first attempt is deferred.
+The time interval between delivery attempts is doubled after each
+attempt.
+.IP "\fBdestination status cache\fR"
+The queue manager avoids unnecessary delivery attempts by
+maintaining a short\-term, in\-memory list of unreachable destinations.
+.SH "TRIGGERS"
+.na
+.nf
+.ad
+.fi
+On an idle system, the queue manager waits for the arrival of
+trigger events, or it waits for a timer to go off. A trigger
+is a one\-byte message.
+Depending on the message received, the queue manager performs
+one of the following actions (the message is followed by the
+symbolic constant used internally by the software):
+.IP "\fBD (QMGR_REQ_SCAN_DEFERRED)\fR"
+Start a deferred queue scan. If a deferred queue scan is already
+in progress, that scan will be restarted as soon as it finishes.
+.IP "\fBI (QMGR_REQ_SCAN_INCOMING)\fR"
+Start an incoming queue scan. If an incoming queue scan is already
+in progress, that scan will be restarted as soon as it finishes.
+.IP "\fBA (QMGR_REQ_SCAN_ALL)\fR"
+Ignore deferred queue file time stamps. The request affects
+the next deferred queue scan.
+.IP "\fBF (QMGR_REQ_FLUSH_DEAD)\fR"
+Purge all information about dead transports and destinations.
+.IP "\fBW (TRIGGER_REQ_WAKEUP)\fR"
+Wakeup call, This is used by the master server to instantiate
+servers that should not go away forever. The action is to start
+an incoming queue scan.
+.PP
+The \fBoqmgr\fR(8) daemon reads an entire buffer worth of triggers.
+Multiple identical trigger requests are collapsed into one, and
+trigger requests are sorted so that \fBA\fR and \fBF\fR precede
+\fBD\fR and \fBI\fR. Thus, in order to force a deferred queue run,
+one would request \fBA F D\fR; in order to notify the queue manager
+of the arrival of new mail one would request \fBI\fR.
+.SH "STANDARDS"
+.na
+.nf
+RFC 3463 (Enhanced status codes)
+RFC 3464 (Delivery status notifications)
+.SH "SECURITY"
+.na
+.nf
+.ad
+.fi
+The \fBoqmgr\fR(8) daemon is not security sensitive. It reads
+single\-character messages from untrusted local users, and thus may
+be susceptible to denial of service attacks. The \fBoqmgr\fR(8) daemon
+does not talk to the outside world, and it can be run at fixed low
+privilege in a chrooted environment.
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems and transactions are logged to the \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8) daemon.
+Corrupted message files are saved to the \fBcorrupt\fR queue
+for further inspection.
+
+Depending on the setting of the \fBnotify_classes\fR parameter,
+the postmaster is notified of bounces and of other trouble.
+.SH BUGS
+.ad
+.fi
+A single queue manager process has to compete for disk access with
+multiple front\-end processes such as \fBcleanup\fR(8). A sudden burst of
+inbound mail can negatively impact outbound delivery rates.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+Changes to \fBmain.cf\fR are not picked up automatically,
+as \fBoqmgr\fR(8)
+is a persistent process. Use the command "\fBpostfix reload\fR" after
+a configuration change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+
+In the text below, \fItransport\fR is the first field in a
+\fBmaster.cf\fR entry.
+.SH "COMPATIBILITY CONTROLS"
+.na
+.nf
+.ad
+.fi
+Available before Postfix version 2.5:
+.IP "\fBallow_min_user (no)\fR"
+Allow a sender or recipient address to have `\-' as the first
+character.
+.PP
+Available with Postfix version 2.7 and later:
+.IP "\fBdefault_filter_nexthop (empty)\fR"
+When a content_filter or FILTER request specifies no explicit
+next\-hop destination, use $default_filter_nexthop instead; when
+that value is empty, use the domain in the recipient address.
+.SH "ACTIVE QUEUE CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBqmgr_clog_warn_time (300s)\fR"
+The minimal delay between warnings that a specific destination is
+clogging up the Postfix active queue.
+.IP "\fBqmgr_message_active_limit (20000)\fR"
+The maximal number of messages in the active queue.
+.IP "\fBqmgr_message_recipient_limit (20000)\fR"
+The maximal number of recipients held in memory by the Postfix
+queue manager, and the maximal size of the short\-term,
+in\-memory "dead" destination status cache.
+.SH "DELIVERY CONCURRENCY CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBqmgr_fudge_factor (100)\fR"
+Obsolete feature: the percentage of delivery resources that a busy
+mail system will use up for delivery of a large mailing list
+message.
+.IP "\fBinitial_destination_concurrency (5)\fR"
+The initial per\-destination concurrency level for parallel delivery
+to the same destination.
+.IP "\fBdefault_destination_concurrency_limit (20)\fR"
+The default maximal number of parallel deliveries to the same
+destination.
+.IP "\fBtransport_destination_concurrency_limit ($default_destination_concurrency_limit)\fR"
+A transport\-specific override for the
+default_destination_concurrency_limit parameter value, where
+\fItransport\fR is the master.cf name of the message delivery
+transport.
+.PP
+Available in Postfix version 2.5 and later:
+.IP "\fBtransport_initial_destination_concurrency ($initial_destination_concurrency)\fR"
+A transport\-specific override for the initial_destination_concurrency
+parameter value, where \fItransport\fR is the master.cf name of
+the message delivery transport.
+.IP "\fBdefault_destination_concurrency_failed_cohort_limit (1)\fR"
+How many pseudo\-cohorts must suffer connection or handshake
+failure before a specific destination is considered unavailable
+(and further delivery is suspended).
+.IP "\fBtransport_destination_concurrency_failed_cohort_limit ($default_destination_concurrency_failed_cohort_limit)\fR"
+A transport\-specific override for the
+default_destination_concurrency_failed_cohort_limit parameter value,
+where \fItransport\fR is the master.cf name of the message delivery
+transport.
+.IP "\fBdefault_destination_concurrency_negative_feedback (1)\fR"
+The per\-destination amount of delivery concurrency negative
+feedback, after a delivery completes with a connection or handshake
+failure.
+.IP "\fBtransport_destination_concurrency_negative_feedback ($default_destination_concurrency_negative_feedback)\fR"
+A transport\-specific override for the
+default_destination_concurrency_negative_feedback parameter value,
+where \fItransport\fR is the master.cf name of the message delivery
+transport.
+.IP "\fBdefault_destination_concurrency_positive_feedback (1)\fR"
+The per\-destination amount of delivery concurrency positive
+feedback, after a delivery completes without connection or handshake
+failure.
+.IP "\fBtransport_destination_concurrency_positive_feedback ($default_destination_concurrency_positive_feedback)\fR"
+A transport\-specific override for the
+default_destination_concurrency_positive_feedback parameter value,
+where \fItransport\fR is the master.cf name of the message delivery
+transport.
+.IP "\fBdestination_concurrency_feedback_debug (no)\fR"
+Make the queue manager's feedback algorithm verbose for performance
+analysis purposes.
+.SH "RECIPIENT SCHEDULING CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBdefault_destination_recipient_limit (50)\fR"
+The default maximal number of recipients per message delivery.
+.IP "\fBtransport_destination_recipient_limit ($default_destination_recipient_limit)\fR"
+A transport\-specific override for the
+default_destination_recipient_limit parameter value, where
+\fItransport\fR is the master.cf name of the message delivery
+transport.
+.SH "OTHER RESOURCE AND RATE CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBminimal_backoff_time (300s)\fR"
+The minimal time between attempts to deliver a deferred message;
+prior to Postfix 2.4 the default value was 1000s.
+.IP "\fBmaximal_backoff_time (4000s)\fR"
+The maximal time between attempts to deliver a deferred message.
+.IP "\fBmaximal_queue_lifetime (5d)\fR"
+Consider a message as undeliverable, when delivery fails with a
+temporary error, and the time in the queue has reached the
+maximal_queue_lifetime limit.
+.IP "\fBqueue_run_delay (300s)\fR"
+The time between deferred queue scans by the queue manager;
+prior to Postfix 2.4 the default value was 1000s.
+.IP "\fBtransport_retry_time (60s)\fR"
+The time between attempts by the Postfix queue manager to contact
+a malfunctioning message delivery transport.
+.PP
+Available in Postfix version 2.1 and later:
+.IP "\fBbounce_queue_lifetime (5d)\fR"
+Consider a bounce message as undeliverable, when delivery fails
+with a temporary error, and the time in the queue has reached the
+bounce_queue_lifetime limit.
+.PP
+Available in Postfix version 2.5 and later:
+.IP "\fBdefault_destination_rate_delay (0s)\fR"
+The default amount of delay that is inserted between individual
+message deliveries to the same destination and over the same message
+delivery transport.
+.IP "\fBtransport_destination_rate_delay ($default_destination_rate_delay)\fR"
+A transport\-specific override for the default_destination_rate_delay
+parameter value, where \fItransport\fR is the master.cf name of
+the message delivery transport.
+.PP
+Available in Postfix version 3.1 and later:
+.IP "\fBdefault_transport_rate_delay (0s)\fR"
+The default amount of delay that is inserted between individual
+message deliveries over the same message delivery transport,
+regardless of destination.
+.IP "\fBtransport_transport_rate_delay ($default_transport_rate_delay)\fR"
+A transport\-specific override for the default_transport_rate_delay
+parameter value, where the initial \fItransport\fR in the parameter
+name is the master.cf name of the message delivery transport.
+.SH "SAFETY CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBqmgr_daemon_timeout (1000s)\fR"
+How much time a Postfix queue manager process may take to handle
+a request before it is terminated by a built\-in watchdog timer.
+.IP "\fBqmgr_ipc_timeout (60s)\fR"
+The time limit for the queue manager to send or receive information
+over an internal communication channel.
+.PP
+Available in Postfix version 3.1 and later:
+.IP "\fBaddress_verify_pending_request_limit (see 'postconf -d' output)\fR"
+A safety limit that prevents address verification requests from
+overwhelming the Postfix queue.
+.SH "MISCELLANEOUS CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdefer_transports (empty)\fR"
+The names of message delivery transports that should not deliver mail
+unless someone issues "\fBsendmail \-q\fR" or equivalent.
+.IP "\fBdelay_logging_resolution_limit (2)\fR"
+The maximal number of digits after the decimal point when logging
+sub\-second delay values.
+.IP "\fBhelpful_warnings (yes)\fR"
+Log warnings about problematic configuration settings, and provide
+helpful suggestions.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix version 3.0 and later:
+.IP "\fBconfirm_delay_cleared (no)\fR"
+After sending a "your message is delayed" notification, inform
+the sender when the delay clears up.
+.PP
+Available in Postfix 3.3 and later:
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.PP
+Available in Postfix 3.5 and later:
+.IP "\fBinfo_log_address_format (external)\fR"
+The email address form that will be used in non\-debug logging
+(info, warning, etc.).
+.SH "FILES"
+.na
+.nf
+/var/spool/postfix/incoming, incoming queue
+/var/spool/postfix/active, active queue
+/var/spool/postfix/deferred, deferred queue
+/var/spool/postfix/bounce, non\-delivery status
+/var/spool/postfix/defer, non\-delivery status
+/var/spool/postfix/trace, delivery status
+.SH "SEE ALSO"
+.na
+.nf
+trivial\-rewrite(8), address routing
+bounce(8), delivery status reports
+postconf(5), configuration parameters
+master(5), generic daemon options
+master(8), process manager
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+QSHAPE_README, Postfix queue analysis
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man8/pickup.8 b/man/man8/pickup.8
new file mode 100644
index 0000000..fd5d922
--- /dev/null
+++ b/man/man8/pickup.8
@@ -0,0 +1,141 @@
+.TH PICKUP 8
+.ad
+.fi
+.SH NAME
+pickup
+\-
+Postfix local mail pickup
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpickup\fR [generic Postfix daemon options]
+.SH DESCRIPTION
+.ad
+.fi
+The \fBpickup\fR(8) daemon waits for hints that new mail has been
+dropped into the \fBmaildrop\fR directory, and feeds it into the
+\fBcleanup\fR(8) daemon.
+Ill\-formatted files are deleted without notifying the originator.
+This program expects to be run from the \fBmaster\fR(8) process
+manager.
+.SH "STANDARDS"
+.na
+.nf
+.ad
+.fi
+None. The \fBpickup\fR(8) daemon does not interact with
+the outside world.
+.SH "SECURITY"
+.na
+.nf
+.ad
+.fi
+The \fBpickup\fR(8) daemon is moderately security sensitive. It runs
+with fixed low privilege and can run in a chrooted environment.
+However, the program reads files from potentially hostile users.
+The \fBpickup\fR(8) daemon opens no files for writing, is careful about
+what files it opens for reading, and does not actually touch any data
+that is sent to its public service endpoint.
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
+.SH BUGS
+.ad
+.fi
+The \fBpickup\fR(8) daemon copies mail from file to the \fBcleanup\fR(8)
+daemon. It could avoid message copying overhead by sending a file
+descriptor instead of file data, but then the already complex
+\fBcleanup\fR(8) daemon would have to deal with unfiltered user data.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+As the \fBpickup\fR(8) daemon is a relatively long\-running process, up
+to an hour may pass before a \fBmain.cf\fR change takes effect.
+Use the command "\fBpostfix reload\fR" command to speed up a change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.SH "CONTENT INSPECTION CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBcontent_filter (empty)\fR"
+After the message is queued, send the entire message to the
+specified \fItransport:destination\fR.
+.IP "\fBreceive_override_options (empty)\fR"
+Enable or disable recipient validation, built\-in content
+filtering, or address mapping.
+.SH "MISCELLANEOUS CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBipc_timeout (3600s)\fR"
+The time limit for sending or receiving information over an internal
+communication channel.
+.IP "\fBline_length_limit (2048)\fR"
+Upon input, long lines are chopped up into pieces of at most
+this length; upon delivery, long lines are reconstructed.
+.IP "\fBmax_idle (100s)\fR"
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
+.IP "\fBmax_use (100)\fR"
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix 3.3 and later:
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.PP
+Available in Postfix 3.5 and later:
+.IP "\fBinfo_log_address_format (external)\fR"
+The email address form that will be used in non\-debug logging
+(info, warning, etc.).
+.SH "SEE ALSO"
+.na
+.nf
+cleanup(8), message canonicalization
+sendmail(1), Sendmail\-compatible interface
+postdrop(1), mail posting agent
+postconf(5), configuration parameters
+master(5), generic daemon options
+master(8), process manager
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man8/pipe.8 b/man/man8/pipe.8
new file mode 100644
index 0000000..8e54eaf
--- /dev/null
+++ b/man/man8/pipe.8
@@ -0,0 +1,484 @@
+.TH PIPE 8
+.ad
+.fi
+.SH NAME
+pipe
+\-
+Postfix delivery to external command
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpipe\fR [generic Postfix daemon options] command_attributes...
+.SH DESCRIPTION
+.ad
+.fi
+The \fBpipe\fR(8) daemon processes requests from the Postfix queue
+manager to deliver messages to external commands.
+This program expects to be run from the \fBmaster\fR(8) process
+manager.
+
+Message attributes such as sender address, recipient address and
+next\-hop host name can be specified as command\-line macros that are
+expanded before the external command is executed.
+
+The \fBpipe\fR(8) daemon updates queue files and marks recipients
+as finished, or it informs the queue manager that delivery should
+be tried again at a later time. Delivery status reports are sent
+to the \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemon as
+appropriate.
+.SH "SINGLE-RECIPIENT DELIVERY"
+.na
+.nf
+.ad
+.fi
+Some destinations cannot handle more than one recipient per
+delivery request. Examples are pagers or fax machines.
+In addition, multi\-recipient delivery is undesirable when
+prepending a \fBDelivered\-to:\fR or \fBX\-Original\-To:\fR
+message header.
+
+To prevent Postfix from sending multiple recipients per delivery
+request, specify
+.sp
+.nf
+ \fItransport\fB_destination_recipient_limit = 1\fR
+.fi
+
+in the Postfix \fBmain.cf\fR file, where \fItransport\fR
+is the name in the first column of the Postfix \fBmaster.cf\fR
+entry for the pipe\-based delivery transport.
+.SH "COMMAND ATTRIBUTE SYNTAX"
+.na
+.nf
+.ad
+.fi
+The external command attributes are given in the \fBmaster.cf\fR
+file at the end of a service definition. The syntax is as follows:
+.IP "\fBchroot=\fIpathname\fR (optional)"
+Change the process root directory and working directory to
+the named directory. This happens before switching to the
+privileges specified with the \fBuser\fR attribute, and
+before executing the optional \fBdirectory=\fIpathname\fR
+directive. Delivery is deferred in case of failure.
+.sp
+This feature is available as of Postfix 2.3.
+.IP "\fBdirectory=\fIpathname\fR (optional)"
+Change to the named directory before executing the external command.
+The directory must be accessible for the user specified with the
+\fBuser\fR attribute (see below).
+The default working directory is \fB$queue_directory\fR.
+Delivery is deferred in case of failure.
+.sp
+This feature is available as of Postfix 2.2.
+.IP "\fBeol=\fIstring\fR (optional, default: \fB\en\fR)"
+The output record delimiter. Typically one would use either
+\fB\er\en\fR or \fB\en\fR. The usual C\-style backslash escape
+sequences are recognized: \fB\ea \eb \ef \en \er \et \ev
+\e\fIddd\fR (up to three octal digits) and \fB\e\e\fR.
+.IP "\fBflags=BDFORXhqu.>\fR (optional)"
+Optional message processing flags. By default, a message is
+copied unchanged.
+.RS
+.IP \fBB\fR
+Append a blank line at the end of each message. This is required
+by some mail user agents that recognize "\fBFrom \fR" lines only
+when preceded by a blank line.
+.IP \fBD\fR
+Prepend a "\fBDelivered\-To: \fIrecipient\fR" message header with the
+envelope recipient address. Note: for this to work, the
+\fItransport\fB_destination_recipient_limit\fR must be 1
+(see SINGLE\-RECIPIENT DELIVERY above for details).
+.sp
+The \fBD\fR flag also enforces loop detection (Postfix 2.5 and later):
+if a message already contains a \fBDelivered\-To:\fR header
+with the same recipient address, then the message is
+returned as undeliverable. The address comparison is case
+insensitive.
+.sp
+This feature is available as of Postfix 2.0.
+.IP \fBF\fR
+Prepend a "\fBFrom \fIsender time_stamp\fR" envelope header to
+the message content.
+This is expected by, for example, \fBUUCP\fR software.
+.IP \fBO\fR
+Prepend an "\fBX\-Original\-To: \fIrecipient\fR" message header
+with the recipient address as given to Postfix. Note: for this to
+work, the \fItransport\fB_destination_recipient_limit\fR must be 1
+(see SINGLE\-RECIPIENT DELIVERY above for details).
+.sp
+This feature is available as of Postfix 2.0.
+.IP \fBR\fR
+Prepend a \fBReturn\-Path:\fR message header with the envelope sender
+address.
+.IP \fBX\fR
+Indicate that the external command performs final delivery.
+This flag affects the status reported in "success" DSN
+(delivery status notification) messages, and changes it
+from "relayed" into "delivered".
+.sp
+This feature is available as of Postfix 2.5.
+.IP \fBh\fR
+Fold the command\-line \fB$original_recipient\fR and
+\fB$recipient\fR address domain part
+(text to the right of the right\-most \fB@\fR character) to
+lower case; fold the entire command\-line \fB$domain\fR and
+\fB$nexthop\fR host or domain information to lower case.
+This is recommended for delivery via \fBUUCP\fR.
+.IP \fBq\fR
+Quote white space and other special characters in the command\-line
+\fB$sender\fR, \fB$original_recipient\fR and \fB$recipient\fR
+address localparts (text to the
+left of the right\-most \fB@\fR character), according to an 8\-bit
+transparent version of RFC 822.
+This is recommended for delivery via \fBUUCP\fR or \fBBSMTP\fR.
+.sp
+The result is compatible with the address parsing of command\-line
+recipients by the Postfix \fBsendmail\fR(1) mail submission command.
+.sp
+The \fBq\fR flag affects only entire addresses, not the partial
+address information from the \fB$user\fR, \fB$extension\fR or
+\fB$mailbox\fR command\-line macros.
+.IP \fBu\fR
+Fold the command\-line \fB$original_recipient\fR and
+\fB$recipient\fR address localpart (text to
+the left of the right\-most \fB@\fR character) to lower case.
+This is recommended for delivery via \fBUUCP\fR.
+.IP \fB.\fR
+Prepend "\fB.\fR" to lines starting with "\fB.\fR". This is needed
+by, for example, \fBBSMTP\fR software.
+.IP \fB>\fR
+Prepend "\fB>\fR" to lines starting with "\fBFrom \fR". This is expected
+by, for example, \fBUUCP\fR software.
+.RE
+.IP "\fBnull_sender\fR=\fIreplacement\fR (default: MAILER\-DAEMON)"
+Replace the null sender address (typically used for delivery
+status notifications) with the specified text
+when expanding the \fB$sender\fR command\-line macro, and
+when generating a From_ or Return\-Path: message header.
+
+If the null sender replacement text is a non\-empty string
+then it is affected by the \fBq\fR flag for address quoting
+in command\-line arguments.
+
+The null sender replacement text may be empty; this form
+is recommended for content filters that feed mail back into
+Postfix. The empty sender address is not affected by the
+\fBq\fR flag for address quoting in command\-line arguments.
+.sp
+Caution: a null sender address is easily mis\-parsed by
+naive software. For example, when the \fBpipe\fR(8) daemon
+executes a command such as:
+.sp
+.nf
+ \fIWrong\fR: command \-f$sender \-\- $recipient
+.fi
+.IP
+the command will mis\-parse the \-f option value when the
+sender address is a null string. For correct parsing,
+specify \fB$sender\fR as an argument by itself:
+.sp
+.nf
+ \fIRight\fR: command \-f $sender \-\- $recipient
+.fi
+NOTE: DO NOT put quotes around the command, $sender, or $recipient.
+.IP
+This feature is available as of Postfix 2.3.
+.IP "\fBsize\fR=\fIsize_limit\fR (optional)"
+Don't deliver messages that exceed this size limit (in
+bytes); return them to the sender instead.
+.IP "\fBuser\fR=\fIusername\fR (required)"
+.IP "\fBuser\fR=\fIusername\fR:\fIgroupname\fR"
+Execute the external command with the user ID and group ID of the
+specified \fIusername\fR. The software refuses to execute
+commands with root privileges, or with the privileges of the
+mail system owner. If \fIgroupname\fR is specified, the
+corresponding group ID is used instead of the group ID of
+\fIusername\fR.
+.IP "\fBargv\fR=\fIcommand\fR... (required)"
+The command to be executed. This must be specified as the
+last command attribute.
+The command is executed directly, i.e. without interpretation of
+shell meta characters by a shell command interpreter.
+.sp
+Specify "{" and "}" around command arguments that contain
+whitespace (Postfix 3.0 and later). Whitespace
+after the opening "{" and before the closing "}" is ignored.
+.sp
+In the command argument vector, the following macros are recognized
+and replaced with corresponding information from the Postfix queue
+manager delivery request.
+.sp
+In addition to the form ${\fIname\fR}, the forms $\fIname\fR and
+the deprecated form $(\fIname\fR) are also recognized.
+Specify \fB$$\fR where a single \fB$\fR is wanted.
+.RS
+.IP \fB${client_address}\fR
+This macro expands to the remote client network address.
+.sp
+This feature is available as of Postfix 2.2.
+.IP \fB${client_helo}\fR
+This macro expands to the remote client HELO command parameter.
+.sp
+This feature is available as of Postfix 2.2.
+.IP \fB${client_hostname}\fR
+This macro expands to the remote client hostname.
+.sp
+This feature is available as of Postfix 2.2.
+.IP \fB${client_port}\fR
+This macro expands to the remote client TCP port number.
+.sp
+This feature is available as of Postfix 2.5.
+.IP \fB${client_protocol}\fR
+This macro expands to the remote client protocol.
+.sp
+This feature is available as of Postfix 2.2.
+.IP \fB${domain}\fR
+This macro expands to the domain portion of the recipient
+address. For example, with an address \fIuser+foo@domain\fR
+the domain is \fIdomain\fR.
+.sp
+This information is modified by the \fBh\fR flag for case folding.
+.sp
+This feature is available as of Postfix 2.5.
+.IP \fB${extension}\fR
+This macro expands to the extension part of a recipient address.
+For example, with an address \fIuser+foo@domain\fR the extension is
+\fIfoo\fR.
+.sp
+A command\-line argument that contains \fB${extension}\fR expands
+into as many command\-line arguments as there are recipients.
+.sp
+This information is modified by the \fBu\fR flag for case folding.
+.IP \fB${mailbox}\fR
+This macro expands to the complete local part of a recipient address.
+For example, with an address \fIuser+foo@domain\fR the mailbox is
+\fIuser+foo\fR.
+.sp
+A command\-line argument that contains \fB${mailbox}\fR
+expands to as many command\-line arguments as there are recipients.
+.sp
+This information is modified by the \fBu\fR flag for case folding.
+.IP \fB${nexthop}\fR
+This macro expands to the next\-hop hostname.
+.sp
+This information is modified by the \fBh\fR flag for case folding.
+.IP \fB${original_recipient}\fR
+This macro expands to the complete recipient address before any
+address rewriting or aliasing.
+.sp
+A command\-line argument that contains
+\fB${original_recipient}\fR expands to as many
+command\-line arguments as there are recipients.
+.sp
+This information is modified by the \fBhqu\fR flags for quoting
+and case folding.
+.sp
+This feature is available as of Postfix 2.5.
+.IP \fB${queue_id}\fR
+This macro expands to the queue id.
+.sp
+This feature is available as of Postfix 2.11.
+.IP \fB${recipient}\fR
+This macro expands to the complete recipient address.
+.sp
+A command\-line argument that contains \fB${recipient}\fR
+expands to as many command\-line arguments as there are recipients.
+.sp
+This information is modified by the \fBhqu\fR flags for quoting
+and case folding.
+.IP \fB${sasl_method}\fR
+This macro expands to the name of the SASL authentication
+mechanism in the AUTH command when the Postfix SMTP server
+received the message.
+.sp
+This feature is available as of Postfix 2.2.
+.IP \fB${sasl_sender}\fR
+This macro expands to the SASL sender name (i.e. the original
+submitter as per RFC 4954) in the MAIL FROM command when
+the Postfix SMTP server received the message.
+.sp
+This feature is available as of Postfix 2.2.
+.IP \fB${sasl_username}\fR
+This macro expands to the SASL user name in the AUTH command
+when the Postfix SMTP server received the message.
+.sp
+This feature is available as of Postfix 2.2.
+.IP \fB${sender}\fR
+This macro expands to the envelope sender address. By default,
+the null sender address expands to MAILER\-DAEMON; this can
+be changed with the \fBnull_sender\fR attribute, as described
+above.
+.sp
+This information is modified by the \fBq\fR flag for quoting.
+.IP \fB${size}\fR
+This macro expands to Postfix's idea of the message size, which
+is an approximation of the size of the message as delivered.
+.IP \fB${user}\fR
+This macro expands to the username part of a recipient address.
+For example, with an address \fIuser+foo@domain\fR the username
+part is \fIuser\fR.
+.sp
+A command\-line argument that contains \fB${user}\fR expands
+into as many command\-line arguments as there are recipients.
+.sp
+This information is modified by the \fBu\fR flag for case folding.
+.RE
+.SH "STANDARDS"
+.na
+.nf
+RFC 3463 (Enhanced status codes)
+.SH DIAGNOSTICS
+.ad
+.fi
+Command exit status codes are expected to
+follow the conventions defined in <\fBsysexits.h\fR>.
+Exit status 0 means normal successful completion.
+
+In the case of a non\-zero exit status, a limited amount of
+command output is logged, and reported in a delivery status
+notification. When the output begins with a 4.X.X or 5.X.X
+enhanced status code, the status code takes precedence over
+the non\-zero exit status (Postfix version 2.3 and later).
+
+After successful delivery (zero exit status) a limited
+amount of command output is logged, and reported in "success"
+delivery status notifications (Postfix 3.0 and later).
+This command output is not examined for the presence of an
+enhanced status code.
+
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
+Corrupted message files are marked so that the queue manager
+can move them to the \fBcorrupt\fR queue for further inspection.
+.SH "SECURITY"
+.na
+.nf
+.fi
+.ad
+This program needs a dual personality 1) to access the private
+Postfix queue and IPC mechanisms, and 2) to execute external
+commands as the specified user. It is therefore security sensitive.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+Changes to \fBmain.cf\fR are picked up automatically as \fBpipe\fR(8)
+processes run for only a limited amount of time. Use the command
+"\fBpostfix reload\fR" to speed up a change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.SH "RESOURCE AND RATE CONTROLS"
+.na
+.nf
+.ad
+.fi
+In the text below, \fItransport\fR is the first field in a
+\fBmaster.cf\fR entry.
+.IP "\fBtransport_time_limit ($command_time_limit)\fR"
+A transport\-specific override for the command_time_limit parameter
+value, where \fItransport\fR is the master.cf name of the message
+delivery transport.
+.PP
+Implemented in the qmgr(8) daemon:
+.IP "\fBtransport_destination_concurrency_limit ($default_destination_concurrency_limit)\fR"
+A transport\-specific override for the
+default_destination_concurrency_limit parameter value, where
+\fItransport\fR is the master.cf name of the message delivery
+transport.
+.IP "\fBtransport_destination_recipient_limit ($default_destination_recipient_limit)\fR"
+A transport\-specific override for the
+default_destination_recipient_limit parameter value, where
+\fItransport\fR is the master.cf name of the message delivery
+transport.
+.SH "MISCELLANEOUS CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdaemon_timeout (18000s)\fR"
+How much time a Postfix daemon process may take to handle a
+request before it is terminated by a built\-in watchdog timer.
+.IP "\fBdelay_logging_resolution_limit (2)\fR"
+The maximal number of digits after the decimal point when logging
+sub\-second delay values.
+.IP "\fBexport_environment (see 'postconf -d' output)\fR"
+The list of environment variables that a Postfix process will export
+to non\-Postfix processes.
+.IP "\fBipc_timeout (3600s)\fR"
+The time limit for sending or receiving information over an internal
+communication channel.
+.IP "\fBmail_owner (postfix)\fR"
+The UNIX system account that owns the Postfix queue and most Postfix
+daemon processes.
+.IP "\fBmax_idle (100s)\fR"
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
+.IP "\fBmax_use (100)\fR"
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.IP "\fBrecipient_delimiter (empty)\fR"
+The set of characters that can separate an email address
+localpart, user name, or a .forward file name from its extension.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix version 3.0 and later:
+.IP "\fBpipe_delivery_status_filter ($default_delivery_status_filter)\fR"
+Optional filter for the \fBpipe\fR(8) delivery agent to change the
+delivery status code or explanatory text of successful or unsuccessful
+deliveries.
+.PP
+Available in Postfix version 3.3 and later:
+.IP "\fBenable_original_recipient (yes)\fR"
+Enable support for the original recipient address after an
+address is rewritten to a different address (for example with
+aliasing or with canonical mapping).
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.PP
+Available in Postfix 3.5 and later:
+.IP "\fBinfo_log_address_format (external)\fR"
+The email address form that will be used in non\-debug logging
+(info, warning, etc.).
+.SH "SEE ALSO"
+.na
+.nf
+qmgr(8), queue manager
+bounce(8), delivery status reports
+postconf(5), configuration parameters
+master(5), generic daemon options
+master(8), process manager
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man8/postlogd.8 b/man/man8/postlogd.8
new file mode 100644
index 0000000..9168a34
--- /dev/null
+++ b/man/man8/postlogd.8
@@ -0,0 +1,102 @@
+.TH POSTLOGD 8
+.ad
+.fi
+.SH NAME
+postlogd
+\-
+Postfix internal log server
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostlogd\fR [generic Postfix daemon options]
+.SH DESCRIPTION
+.ad
+.fi
+This program logs events on behalf of Postfix programs
+when the maillog configuration parameter specifies a non\-empty
+value.
+.SH BUGS
+.ad
+.fi
+Non\-daemon Postfix programs don't know that they should log
+to the internal logging service before they have processed
+command\-line options and main.cf parameters. These programs
+still log earlier events to the syslog service.
+
+If Postfix is down, the non\-daemon programs \fBpostfix\fR(1),
+\fBpostsuper\fR(1), \fBpostmulti\fR(1), and \fBpostlog\fR(1),
+will log directly to \fB$maillog_file\fR. These programs
+expect to run with root privileges, for example during
+Postfix start\-up, reload, or shutdown.
+
+Other non\-daemon Postfix programs will never write directly to
+\fB$maillog_file\fR (also, logging to stdout would interfere
+with the operation of some of these programs). These programs
+can log to \fBpostlogd\fR(8) if they are run by the super\-user,
+or if their executable file has set\-gid permission. Do not
+set this permission on programs other than \fBpostdrop\fR(1),
+\fBpostqueue\fR(1) and (Postfix >= 3.7) \fBpostlog\fR(1).
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+Changes to \fBmain.cf\fR are picked up automatically, as
+\fBpostlogd\fR(8) processes run for only a limited amount
+of time. Use the command "\fBpostfix reload\fR" to speed
+up a change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBmaillog_file (empty)\fR"
+The name of an optional logfile that is written by the Postfix
+\fBpostlogd\fR(8) service.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.IP "\fBpostlogd_watchdog_timeout (10s)\fR"
+How much time a \fBpostlogd\fR(8) process may take to process a request
+before it is terminated by a built\-in watchdog timer.
+.SH "SEE ALSO"
+.na
+.nf
+postconf(5), configuration parameters
+syslogd(8), system logging
+.SH "README_FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+MAILLOG_README, Postfix logging to file or stdout
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+.ad
+.fi
+This service was introduced with Postfix version 3.4.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man8/postscreen.8 b/man/man8/postscreen.8
new file mode 100644
index 0000000..556a865
--- /dev/null
+++ b/man/man8/postscreen.8
@@ -0,0 +1,478 @@
+.TH POSTSCREEN 8
+.ad
+.fi
+.SH NAME
+postscreen
+\-
+Postfix zombie blocker
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostscreen\fR [generic Postfix daemon options]
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix \fBpostscreen\fR(8) server provides additional
+protection against mail server overload. One \fBpostscreen\fR(8)
+process handles multiple inbound SMTP connections, and decides
+which clients may talk to a Postfix SMTP server process.
+By keeping spambots away, \fBpostscreen\fR(8) leaves more
+SMTP server processes available for legitimate clients, and
+delays the onset of server overload conditions.
+
+This program should not be used on SMTP ports that receive
+mail from end\-user clients (MUAs). In a typical deployment,
+\fBpostscreen\fR(8) handles the MX service on TCP port 25, and
+\fBsmtpd\fR(8) receives mail from MUAs on the \fBsubmission\fR
+service (TCP port 587) which requires client authentication.
+Alternatively, a site could set up a dedicated, non\-postscreen,
+"port 25" server that provides \fBsubmission\fR service and
+client authentication, but no MX service.
+
+\fBpostscreen\fR(8) maintains a temporary allowlist for
+clients that have passed a number of tests. When an SMTP
+client IP address is allowlisted, \fBpostscreen\fR(8) hands
+off the connection immediately to a Postfix SMTP server
+process. This minimizes the overhead for legitimate mail.
+
+By default, \fBpostscreen\fR(8) logs statistics and hands
+off each connection to a Postfix SMTP server process, while
+excluding clients in mynetworks from all tests (primarily,
+to avoid problems with non\-standard SMTP implementations
+in network appliances). This default mode blocks no clients,
+and is useful for non\-destructive testing.
+
+In a typical production setting, \fBpostscreen\fR(8) is
+configured to reject mail from clients that fail one or
+more tests. \fBpostscreen\fR(8) logs rejected mail with the
+client address, helo, sender and recipient information.
+
+\fBpostscreen\fR(8) is not an SMTP proxy; this is intentional.
+The purpose is to keep spambots away from Postfix SMTP
+server processes, while minimizing overhead for legitimate
+traffic.
+.SH "SECURITY"
+.na
+.nf
+.ad
+.fi
+The \fBpostscreen\fR(8) server is moderately security\-sensitive.
+It talks to untrusted clients on the network. The process
+can be run chrooted at fixed low privilege.
+.SH "STANDARDS"
+.na
+.nf
+RFC 821 (SMTP protocol)
+RFC 1123 (Host requirements)
+RFC 1652 (8bit\-MIME transport)
+RFC 1869 (SMTP service extensions)
+RFC 1870 (Message Size Declaration)
+RFC 1985 (ETRN command)
+RFC 2034 (SMTP Enhanced Status Codes)
+RFC 2821 (SMTP protocol)
+Not: RFC 2920 (SMTP Pipelining)
+RFC 3030 (CHUNKING without BINARYMIME)
+RFC 3207 (STARTTLS command)
+RFC 3461 (SMTP DSN Extension)
+RFC 3463 (Enhanced Status Codes)
+RFC 5321 (SMTP protocol, including multi\-line 220 banners)
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
+.SH BUGS
+.ad
+.fi
+The \fBpostscreen\fR(8) built\-in SMTP protocol engine
+currently does not announce support for AUTH, XCLIENT or
+XFORWARD.
+If you need to make these services available
+on port 25, then do not enable the optional "after 220
+server greeting" tests.
+
+The optional "after 220 server greeting" tests may result in
+unexpected delivery delays from senders that retry email delivery
+from a different IP address. Reason: after passing these tests a
+new client must disconnect, and reconnect from the same IP
+address before it can deliver mail. See POSTSCREEN_README, section
+"Tests after the 220 SMTP server greeting", for a discussion.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+Changes to main.cf are not picked up automatically, as
+\fBpostscreen\fR(8) processes may run for several hours.
+Use the command "postfix reload" after a configuration
+change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+
+NOTE: Some \fBpostscreen\fR(8) parameters implement
+stress\-dependent behavior. This is supported only when the
+default parameter value is stress\-dependent (that is, it
+looks like ${stress?{X}:{Y}}, or it is the $\fIname\fR
+of an smtpd parameter with a stress\-dependent default).
+Other parameters always evaluate as if the \fBstress\fR
+parameter value is the empty string.
+.SH "COMPATIBILITY CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBpostscreen_command_filter ($smtpd_command_filter)\fR"
+A mechanism to transform commands from remote SMTP clients.
+.IP "\fBpostscreen_discard_ehlo_keyword_address_maps ($smtpd_discard_ehlo_keyword_address_maps)\fR"
+Lookup tables, indexed by the remote SMTP client address, with
+case insensitive lists of EHLO keywords (pipelining, starttls, auth,
+etc.) that the \fBpostscreen\fR(8) server will not send in the EHLO response
+to a remote SMTP client.
+.IP "\fBpostscreen_discard_ehlo_keywords ($smtpd_discard_ehlo_keywords)\fR"
+A case insensitive list of EHLO keywords (pipelining, starttls,
+auth, etc.) that the \fBpostscreen\fR(8) server will not send in the EHLO
+response to a remote SMTP client.
+.PP
+Available in Postfix version 3.1 and later:
+.IP "\fBdns_ncache_ttl_fix_enable (no)\fR"
+Enable a workaround for future libc incompatibility.
+.PP
+Available in Postfix version 3.4 and later:
+.IP "\fBpostscreen_reject_footer_maps ($smtpd_reject_footer_maps)\fR"
+Optional lookup table for information that is appended after a 4XX
+or 5XX \fBpostscreen\fR(8) server response.
+.PP
+Available in Postfix 3.6 and later:
+.IP "\fBrespectful_logging (see 'postconf -d' output)\fR"
+Avoid logging that implies white is better than black.
+.SH "TROUBLE SHOOTING CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBpostscreen_expansion_filter (see 'postconf -d' output)\fR"
+List of characters that are permitted in postscreen_reject_footer
+attribute expansions.
+.IP "\fBpostscreen_reject_footer ($smtpd_reject_footer)\fR"
+Optional information that is appended after a 4XX or 5XX
+\fBpostscreen\fR(8) server
+response.
+.IP "\fBsoft_bounce (no)\fR"
+Safety net to keep mail queued that would otherwise be returned to
+the sender.
+.SH "BEFORE-POSTSCREEN PROXY AGENT"
+.na
+.nf
+.ad
+.fi
+Available in Postfix version 2.10 and later:
+.IP "\fBpostscreen_upstream_proxy_protocol (empty)\fR"
+The name of the proxy protocol used by an optional before\-postscreen
+proxy agent.
+.IP "\fBpostscreen_upstream_proxy_timeout (5s)\fR"
+The time limit for the proxy protocol specified with the
+postscreen_upstream_proxy_protocol parameter.
+.SH "PERMANENT ALLOW/DENYLIST TEST"
+.na
+.nf
+.ad
+.fi
+This test is executed immediately after a remote SMTP client
+connects. If a client is permanently allowlisted, the client
+will be handed off immediately to a Postfix SMTP server
+process.
+.IP "\fBpostscreen_access_list (permit_mynetworks)\fR"
+Permanent allow/denylist for remote SMTP client IP addresses.
+.IP "\fBpostscreen_blacklist_action (ignore)\fR"
+Renamed to postscreen_denylist_action in Postfix 3.6.
+.SH "MAIL EXCHANGER POLICY TESTS"
+.na
+.nf
+.ad
+.fi
+When \fBpostscreen\fR(8) is configured to monitor all primary
+and backup MX addresses, it can refuse to allowlist clients
+that connect to a backup MX address only. For small sites,
+this requires configuring primary and backup MX addresses
+on the same MTA. Larger sites would have to share the
+\fBpostscreen\fR(8) cache between primary and backup MTAs,
+which would introduce a common point of failure.
+.IP "\fBpostscreen_allowlist_interfaces (static:all)\fR"
+A list of local \fBpostscreen\fR(8) server IP addresses where a
+non\-allowlisted remote SMTP client can obtain \fBpostscreen\fR(8)'s temporary
+allowlist status.
+.SH "BEFORE 220 GREETING TESTS"
+.na
+.nf
+.ad
+.fi
+These tests are executed before the remote SMTP client
+receives the "220 servername" greeting. If no tests remain
+after the successful completion of this phase, the client
+will be handed off immediately to a Postfix SMTP server
+process.
+.IP "\fBdnsblog_service_name (dnsblog)\fR"
+The name of the \fBdnsblog\fR(8) service entry in master.cf.
+.IP "\fBpostscreen_dnsbl_action (ignore)\fR"
+The action that \fBpostscreen\fR(8) takes when a remote SMTP client's combined
+DNSBL score is equal to or greater than a threshold (as defined
+with the postscreen_dnsbl_sites and postscreen_dnsbl_threshold
+parameters).
+.IP "\fBpostscreen_dnsbl_reply_map (empty)\fR"
+A mapping from an actual DNSBL domain name which includes a secret
+password, to the DNSBL domain name that postscreen will reply with
+when it rejects mail.
+.IP "\fBpostscreen_dnsbl_sites (empty)\fR"
+Optional list of patterns with DNS allow/denylist domains, filters
+and weight
+factors.
+.IP "\fBpostscreen_dnsbl_threshold (1)\fR"
+The inclusive lower bound for blocking a remote SMTP client, based on
+its combined DNSBL score as defined with the postscreen_dnsbl_sites
+parameter.
+.IP "\fBpostscreen_greet_action (ignore)\fR"
+The action that \fBpostscreen\fR(8) takes when a remote SMTP client speaks
+before its turn within the time specified with the postscreen_greet_wait
+parameter.
+.IP "\fBpostscreen_greet_banner ($smtpd_banner)\fR"
+The \fItext\fR in the optional "220\-\fItext\fR..." server
+response that
+\fBpostscreen\fR(8) sends ahead of the real Postfix SMTP server's "220
+text..." response, in an attempt to confuse bad SMTP clients so
+that they speak before their turn (pre\-greet).
+.IP "\fBpostscreen_greet_wait (normal: 6s, overload: 2s)\fR"
+The amount of time that \fBpostscreen\fR(8) will wait for an SMTP
+client to send a command before its turn, and for DNS blocklist
+lookup results to arrive (default: up to 2 seconds under stress,
+up to 6 seconds otherwise).
+.IP "\fBsmtpd_service_name (smtpd)\fR"
+The internal service that \fBpostscreen\fR(8) hands off allowed
+connections to.
+.PP
+Available in Postfix version 2.11 and later:
+.IP "\fBpostscreen_dnsbl_whitelist_threshold (0)\fR"
+Renamed to postscreen_dnsbl_allowlist_threshold in Postfix 3.6.
+.PP
+Available in Postfix version 3.0 and later:
+.IP "\fBpostscreen_dnsbl_timeout (10s)\fR"
+The time limit for DNSBL or DNSWL lookups.
+.PP
+Available in Postfix version 3.6 and later:
+.IP "\fBpostscreen_denylist_action (ignore)\fR"
+The action that \fBpostscreen\fR(8) takes when a remote SMTP client is
+permanently denylisted with the postscreen_access_list parameter.
+.IP "\fBpostscreen_allowlist_interfaces (static:all)\fR"
+A list of local \fBpostscreen\fR(8) server IP addresses where a
+non\-allowlisted remote SMTP client can obtain \fBpostscreen\fR(8)'s temporary
+allowlist status.
+.IP "\fBpostscreen_dnsbl_allowlist_threshold (0)\fR"
+Allow a remote SMTP client to skip "before" and "after 220
+greeting" protocol tests, based on its combined DNSBL score as
+defined with the postscreen_dnsbl_sites parameter.
+.SH "AFTER 220 GREETING TESTS"
+.na
+.nf
+.ad
+.fi
+These tests are executed after the remote SMTP client
+receives the "220 servername" greeting. If a client passes
+all tests during this phase, it will receive a 4XX response
+to all RCPT TO commands. After the client reconnects, it
+will be allowed to talk directly to a Postfix SMTP server
+process.
+.IP "\fBpostscreen_bare_newline_action (ignore)\fR"
+The action that \fBpostscreen\fR(8) takes when a remote SMTP client sends
+a bare newline character, that is, a newline not preceded by carriage
+return.
+.IP "\fBpostscreen_bare_newline_enable (no)\fR"
+Enable "bare newline" SMTP protocol tests in the \fBpostscreen\fR(8)
+server.
+.IP "\fBpostscreen_disable_vrfy_command ($disable_vrfy_command)\fR"
+Disable the SMTP VRFY command in the \fBpostscreen\fR(8) daemon.
+.IP "\fBpostscreen_forbidden_commands ($smtpd_forbidden_commands)\fR"
+List of commands that the \fBpostscreen\fR(8) server considers in
+violation of the SMTP protocol.
+.IP "\fBpostscreen_helo_required ($smtpd_helo_required)\fR"
+Require that a remote SMTP client sends HELO or EHLO before
+commencing a MAIL transaction.
+.IP "\fBpostscreen_non_smtp_command_action (drop)\fR"
+The action that \fBpostscreen\fR(8) takes when a remote SMTP client sends
+non\-SMTP commands as specified with the postscreen_forbidden_commands
+parameter.
+.IP "\fBpostscreen_non_smtp_command_enable (no)\fR"
+Enable "non\-SMTP command" tests in the \fBpostscreen\fR(8) server.
+.IP "\fBpostscreen_pipelining_action (enforce)\fR"
+The action that \fBpostscreen\fR(8) takes when a remote SMTP client
+sends
+multiple commands instead of sending one command and waiting for
+the server to respond.
+.IP "\fBpostscreen_pipelining_enable (no)\fR"
+Enable "pipelining" SMTP protocol tests in the \fBpostscreen\fR(8)
+server.
+.SH "CACHE CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBpostscreen_cache_cleanup_interval (12h)\fR"
+The amount of time between \fBpostscreen\fR(8) cache cleanup runs.
+.IP "\fBpostscreen_cache_map (btree:$data_directory/postscreen_cache)\fR"
+Persistent storage for the \fBpostscreen\fR(8) server decisions.
+.IP "\fBpostscreen_cache_retention_time (7d)\fR"
+The amount of time that \fBpostscreen\fR(8) will cache an expired
+temporary allowlist entry before it is removed.
+.IP "\fBpostscreen_bare_newline_ttl (30d)\fR"
+The amount of time that \fBpostscreen\fR(8) will use the result from
+a successful "bare newline" SMTP protocol test.
+.IP "\fBpostscreen_dnsbl_max_ttl (${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h)\fR"
+The maximum amount of time that \fBpostscreen\fR(8) will use the
+result from a successful DNS\-based reputation test before a
+client IP address is required to pass that test again.
+.IP "\fBpostscreen_dnsbl_min_ttl (60s)\fR"
+The minimum amount of time that \fBpostscreen\fR(8) will use the
+result from a successful DNS\-based reputation test before a
+client IP address is required to pass that test again.
+.IP "\fBpostscreen_greet_ttl (1d)\fR"
+The amount of time that \fBpostscreen\fR(8) will use the result from
+a successful PREGREET test.
+.IP "\fBpostscreen_non_smtp_command_ttl (30d)\fR"
+The amount of time that \fBpostscreen\fR(8) will use the result from
+a successful "non_smtp_command" SMTP protocol test.
+.IP "\fBpostscreen_pipelining_ttl (30d)\fR"
+The amount of time that \fBpostscreen\fR(8) will use the result from
+a successful "pipelining" SMTP protocol test.
+.SH "RESOURCE CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBline_length_limit (2048)\fR"
+Upon input, long lines are chopped up into pieces of at most
+this length; upon delivery, long lines are reconstructed.
+.IP "\fBpostscreen_client_connection_count_limit ($smtpd_client_connection_count_limit)\fR"
+How many simultaneous connections any remote SMTP client is
+allowed to have
+with the \fBpostscreen\fR(8) daemon.
+.IP "\fBpostscreen_command_count_limit (20)\fR"
+The limit on the total number of commands per SMTP session for
+\fBpostscreen\fR(8)'s built\-in SMTP protocol engine.
+.IP "\fBpostscreen_command_time_limit (normal: 300s, overload: 10s)\fR"
+The time limit to read an entire command line with \fBpostscreen\fR(8)'s
+built\-in SMTP protocol engine.
+.IP "\fBpostscreen_post_queue_limit ($default_process_limit)\fR"
+The number of clients that can be waiting for service from a
+real Postfix SMTP server process.
+.IP "\fBpostscreen_pre_queue_limit ($default_process_limit)\fR"
+The number of non\-allowlisted clients that can be waiting for
+a decision whether they will receive service from a real Postfix
+SMTP server
+process.
+.IP "\fBpostscreen_watchdog_timeout (10s)\fR"
+How much time a \fBpostscreen\fR(8) process may take to respond to
+a remote SMTP client command or to perform a cache operation before it
+is terminated by a built\-in watchdog timer.
+.SH "STARTTLS CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBpostscreen_tls_security_level ($smtpd_tls_security_level)\fR"
+The SMTP TLS security level for the \fBpostscreen\fR(8) server; when
+a non\-empty value is specified, this overrides the obsolete parameters
+postscreen_use_tls and postscreen_enforce_tls.
+.IP "\fBtlsproxy_service_name (tlsproxy)\fR"
+The name of the \fBtlsproxy\fR(8) service entry in master.cf.
+.SH "OBSOLETE STARTTLS SUPPORT CONTROLS"
+.na
+.nf
+.ad
+.fi
+These parameters are supported for compatibility with
+\fBsmtpd\fR(8) legacy parameters.
+.IP "\fBpostscreen_use_tls ($smtpd_use_tls)\fR"
+Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
+but do not require that clients use TLS encryption.
+.IP "\fBpostscreen_enforce_tls ($smtpd_enforce_tls)\fR"
+Mandatory TLS: announce STARTTLS support to remote SMTP clients, and
+require that clients use TLS encryption.
+.SH "MISCELLANEOUS CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdelay_logging_resolution_limit (2)\fR"
+The maximal number of digits after the decimal point when logging
+sub\-second delay values.
+.IP "\fBcommand_directory (see 'postconf -d' output)\fR"
+The location of all postfix administrative commands.
+.IP "\fBmax_idle (100s)\fR"
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix 3.3 and later:
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.PP
+Available in Postfix 3.5 and later:
+.IP "\fBinfo_log_address_format (external)\fR"
+The email address form that will be used in non\-debug logging
+(info, warning, etc.).
+.SH "SEE ALSO"
+.na
+.nf
+smtpd(8), Postfix SMTP server
+tlsproxy(8), Postfix TLS proxy server
+dnsblog(8), DNS allow/denylist logger
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or "\fBpostconf
+html_directory\fR" to locate this information.
+.nf
+.na
+POSTSCREEN_README, Postfix Postscreen Howto
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+.ad
+.fi
+This service was introduced with Postfix version 2.8.
+
+Many ideas in \fBpostscreen\fR(8) were explored in earlier
+work by Michael Tokarev, in OpenBSD spamd, and in MailChannels
+Traffic Control.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man8/proxymap.8 b/man/man8/proxymap.8
new file mode 100644
index 0000000..e734a2b
--- /dev/null
+++ b/man/man8/proxymap.8
@@ -0,0 +1,243 @@
+.TH PROXYMAP 8
+.ad
+.fi
+.SH NAME
+proxymap
+\-
+Postfix lookup table proxy server
+.SH "SYNOPSIS"
+.na
+.nf
+\fBproxymap\fR [generic Postfix daemon options]
+.SH DESCRIPTION
+.ad
+.fi
+The \fBproxymap\fR(8) server provides read\-only or read\-write
+table lookup service to Postfix processes. These services are
+implemented with distinct service names: \fBproxymap\fR and
+\fBproxywrite\fR, respectively. The purpose of these services is:
+.IP \(bu
+To overcome chroot restrictions. For example, a chrooted SMTP
+server needs access to the system passwd file in order to
+reject mail for non\-existent local addresses, but it is not
+practical to maintain a copy of the passwd file in the chroot
+jail. The solution:
+.sp
+.nf
+local_recipient_maps =
+ proxy:unix:passwd.byname $alias_maps
+.fi
+.IP \(bu
+To consolidate the number of open lookup tables by sharing
+one open table among multiple processes. For example, making
+mysql connections from every Postfix daemon process results
+in "too many connections" errors. The solution:
+.sp
+.nf
+virtual_alias_maps =
+ proxy:mysql:/etc/postfix/virtual_alias.cf
+.fi
+.sp
+The total number of connections is limited by the number of
+proxymap server processes.
+.IP \(bu
+To provide single\-updater functionality for lookup tables
+that do not reliably support multiple writers (i.e. all
+file\-based tables).
+.PP
+The \fBproxymap\fR(8) server implements the following requests:
+.IP "\fBopen\fR \fImaptype:mapname flags\fR"
+Open the table with type \fImaptype\fR and name \fImapname\fR,
+as controlled by \fIflags\fR. The reply includes the \fImaptype\fR
+dependent flags (to distinguish a fixed string table from a regular
+expression table).
+.IP "\fBlookup\fR \fImaptype:mapname flags key\fR"
+Look up the data stored under the requested key.
+The reply is the request completion status code and
+the lookup result value.
+The \fImaptype:mapname\fR and \fIflags\fR are the same
+as with the \fBopen\fR request.
+.IP "\fBupdate\fR \fImaptype:mapname flags key value\fR"
+Update the data stored under the requested key.
+The reply is the request completion status code.
+The \fImaptype:mapname\fR and \fIflags\fR are the same
+as with the \fBopen\fR request.
+.sp
+To implement single\-updater maps, specify a process limit
+of 1 in the master.cf file entry for the \fBproxywrite\fR
+service.
+.sp
+This request is supported in Postfix 2.5 and later.
+.IP "\fBdelete\fR \fImaptype:mapname flags key\fR"
+Delete the data stored under the requested key.
+The reply is the request completion status code.
+The \fImaptype:mapname\fR and \fIflags\fR are the same
+as with the \fBopen\fR request.
+.sp
+This request is supported in Postfix 2.5 and later.
+.IP "\fBsequence\fR \fImaptype:mapname flags function\fR"
+Iterate over the specified database. The \fIfunction\fR
+is one of DICT_SEQ_FUN_FIRST or DICT_SEQ_FUN_NEXT.
+The reply is the request completion status code and
+a lookup key and result value, if found.
+.sp
+This request is supported in Postfix 2.9 and later.
+.PP
+The request completion status is one of OK, RETRY, NOKEY
+(lookup failed because the key was not found), BAD (malformed
+request) or DENY (the table is not approved for proxy read
+or update access).
+
+There is no \fBclose\fR command, nor are tables implicitly closed
+when a client disconnects. The purpose is to share tables among
+multiple client processes.
+.SH "SERVER PROCESS MANAGEMENT"
+.na
+.nf
+.ad
+.fi
+\fBproxymap\fR(8) servers run under control by the Postfix
+\fBmaster\fR(8)
+server. Each server can handle multiple simultaneous connections.
+When all servers are busy while a client connects, the \fBmaster\fR(8)
+creates a new \fBproxymap\fR(8) server process, provided that the
+process limit is not exceeded.
+Each server terminates after serving at least \fB$max_use\fR clients
+or after \fB$max_idle\fR seconds of idle time.
+.SH "SECURITY"
+.na
+.nf
+.ad
+.fi
+The \fBproxymap\fR(8) server opens only tables that are
+approved via the \fBproxy_read_maps\fR or \fBproxy_write_maps\fR
+configuration parameters, does not talk to
+users, and can run at fixed low privilege, chrooted or not.
+However, running the proxymap server chrooted severely limits
+usability, because it can open only chrooted tables.
+
+The \fBproxymap\fR(8) server is not a trusted daemon process, and must
+not be used to look up sensitive information such as UNIX user or
+group IDs, mailbox file/directory names or external commands.
+
+In Postfix version 2.2 and later, the proxymap client recognizes
+requests to access a table for security\-sensitive purposes,
+and opens the table directly. This allows the same main.cf
+setting to be used by sensitive and non\-sensitive processes.
+
+Postfix\-writable data files should be stored under a dedicated
+directory that is writable only by the Postfix mail system,
+such as the Postfix\-owned \fBdata_directory\fR.
+
+In particular, Postfix\-writable files should never exist
+in root\-owned directories. That would open up a particular
+type of security hole where ownership of a file or directory
+does not match the provider of its content.
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
+.SH BUGS
+.ad
+.fi
+The \fBproxymap\fR(8) server provides service to multiple clients,
+and must therefore not be used for tables that have high\-latency
+lookups.
+
+The \fBproxymap\fR(8) read\-write service does not explicitly
+close lookup tables (even if it did, this could not be relied on,
+because the process may be terminated between table updates).
+The read\-write service should therefore not be used with tables that
+leave persistent storage in an inconsistent state between
+updates (for example, CDB). Tables that support "sync on
+update" should be safe (for example, Berkeley DB) as should
+tables that are implemented by a real DBMS.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+On busy mail systems a long time may pass before
+\fBproxymap\fR(8) relevant
+changes to \fBmain.cf\fR are picked up. Use the command
+"\fBpostfix reload\fR" to speed up a change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdata_directory (see 'postconf -d' output)\fR"
+The directory with Postfix\-writable data files (for example:
+caches, pseudo\-random numbers).
+.IP "\fBdaemon_timeout (18000s)\fR"
+How much time a Postfix daemon process may take to handle a
+request before it is terminated by a built\-in watchdog timer.
+.IP "\fBipc_timeout (3600s)\fR"
+The time limit for sending or receiving information over an internal
+communication channel.
+.IP "\fBmax_idle (100s)\fR"
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
+.IP "\fBmax_use (100)\fR"
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBproxy_read_maps (see 'postconf -d' output)\fR"
+The lookup tables that the \fBproxymap\fR(8) server is allowed to
+access for the read\-only service.
+.PP
+Available in Postfix 2.5 and later:
+.IP "\fBdata_directory (see 'postconf -d' output)\fR"
+The directory with Postfix\-writable data files (for example:
+caches, pseudo\-random numbers).
+.IP "\fBproxy_write_maps (see 'postconf -d' output)\fR"
+The lookup tables that the \fBproxymap\fR(8) server is allowed to
+access for the read\-write service.
+.PP
+Available in Postfix 3.3 and later:
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.SH "SEE ALSO"
+.na
+.nf
+postconf(5), configuration parameters
+master(5), generic daemon options
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+DATABASE_README, Postfix lookup table overview
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+.ad
+.fi
+The proxymap service was introduced with Postfix 2.0.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man8/qmgr.8 b/man/man8/qmgr.8
new file mode 100644
index 0000000..a24af71
--- /dev/null
+++ b/man/man8/qmgr.8
@@ -0,0 +1,495 @@
+.TH QMGR 8
+.ad
+.fi
+.SH NAME
+qmgr
+\-
+Postfix queue manager
+.SH "SYNOPSIS"
+.na
+.nf
+\fBqmgr\fR [generic Postfix daemon options]
+.SH DESCRIPTION
+.ad
+.fi
+The \fBqmgr\fR(8) daemon awaits the arrival of incoming mail
+and arranges for its delivery via Postfix delivery processes.
+The actual mail routing strategy is delegated to the
+\fBtrivial\-rewrite\fR(8) daemon.
+This program expects to be run from the \fBmaster\fR(8) process
+manager.
+
+Mail addressed to the local \fBdouble\-bounce\fR address is
+logged and discarded. This stops potential loops caused by
+undeliverable bounce notifications.
+.SH "MAIL QUEUES"
+.na
+.nf
+.ad
+.fi
+The \fBqmgr\fR(8) daemon maintains the following queues:
+.IP \fBincoming\fR
+Inbound mail from the network, or mail picked up by the
+local \fBpickup\fR(8) daemon from the \fBmaildrop\fR directory.
+.IP \fBactive\fR
+Messages that the queue manager has opened for delivery. Only
+a limited number of messages is allowed to enter the \fBactive\fR
+queue (leaky bucket strategy, for a fixed delivery rate).
+.IP \fBdeferred\fR
+Mail that could not be delivered upon the first attempt. The queue
+manager implements exponential backoff by doubling the time between
+delivery attempts.
+.IP \fBcorrupt\fR
+Unreadable or damaged queue files are moved here for inspection.
+.IP \fBhold\fR
+Messages that are kept "on hold" are kept here until someone
+sets them free.
+.SH "DELIVERY STATUS REPORTS"
+.na
+.nf
+.ad
+.fi
+The \fBqmgr\fR(8) daemon keeps an eye on per\-message delivery status
+reports in the following directories. Each status report file has
+the same name as the corresponding message file:
+.IP \fBbounce\fR
+Per\-recipient status information about why mail is bounced.
+These files are maintained by the \fBbounce\fR(8) daemon.
+.IP \fBdefer\fR
+Per\-recipient status information about why mail is delayed.
+These files are maintained by the \fBdefer\fR(8) daemon.
+.IP \fBtrace\fR
+Per\-recipient status information as requested with the
+Postfix "\fBsendmail \-v\fR" or "\fBsendmail \-bv\fR" command.
+These files are maintained by the \fBtrace\fR(8) daemon.
+.PP
+The \fBqmgr\fR(8) daemon is responsible for asking the
+\fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemons to
+send delivery reports.
+.SH "STRATEGIES"
+.na
+.nf
+.ad
+.fi
+The queue manager implements a variety of strategies for
+either opening queue files (input) or for message delivery (output).
+.IP "\fBleaky bucket\fR"
+This strategy limits the number of messages in the \fBactive\fR queue
+and prevents the queue manager from running out of memory under
+heavy load.
+.IP \fBfairness\fR
+When the \fBactive\fR queue has room, the queue manager takes one
+message from the \fBincoming\fR queue and one from the \fBdeferred\fR
+queue. This prevents a large mail backlog from blocking the delivery
+of new mail.
+.IP "\fBslow start\fR"
+This strategy eliminates "thundering herd" problems by slowly
+adjusting the number of parallel deliveries to the same destination.
+.IP "\fBround robin\fR"
+The queue manager sorts delivery requests by destination.
+Round\-robin selection prevents one destination from dominating
+deliveries to other destinations.
+.IP "\fBexponential backoff\fR"
+Mail that cannot be delivered upon the first attempt is deferred.
+The time interval between delivery attempts is doubled after each
+attempt.
+.IP "\fBdestination status cache\fR"
+The queue manager avoids unnecessary delivery attempts by
+maintaining a short\-term, in\-memory list of unreachable destinations.
+.IP "\fBpreemptive message scheduling\fR"
+The queue manager attempts to minimize the average per\-recipient delay
+while still preserving the correct per\-message delays, using
+a sophisticated preemptive message scheduling.
+.SH "TRIGGERS"
+.na
+.nf
+.ad
+.fi
+On an idle system, the queue manager waits for the arrival of
+trigger events, or it waits for a timer to go off. A trigger
+is a one\-byte message.
+Depending on the message received, the queue manager performs
+one of the following actions (the message is followed by the
+symbolic constant used internally by the software):
+.IP "\fBD (QMGR_REQ_SCAN_DEFERRED)\fR"
+Start a deferred queue scan. If a deferred queue scan is already
+in progress, that scan will be restarted as soon as it finishes.
+.IP "\fBI (QMGR_REQ_SCAN_INCOMING)\fR"
+Start an incoming queue scan. If an incoming queue scan is already
+in progress, that scan will be restarted as soon as it finishes.
+.IP "\fBA (QMGR_REQ_SCAN_ALL)\fR"
+Ignore deferred queue file time stamps. The request affects
+the next deferred queue scan.
+.IP "\fBF (QMGR_REQ_FLUSH_DEAD)\fR"
+Purge all information about dead transports and destinations.
+.IP "\fBW (TRIGGER_REQ_WAKEUP)\fR"
+Wakeup call, This is used by the master server to instantiate
+servers that should not go away forever. The action is to start
+an incoming queue scan.
+.PP
+The \fBqmgr\fR(8) daemon reads an entire buffer worth of triggers.
+Multiple identical trigger requests are collapsed into one, and
+trigger requests are sorted so that \fBA\fR and \fBF\fR precede
+\fBD\fR and \fBI\fR. Thus, in order to force a deferred queue run,
+one would request \fBA F D\fR; in order to notify the queue manager
+of the arrival of new mail one would request \fBI\fR.
+.SH "STANDARDS"
+.na
+.nf
+RFC 3463 (Enhanced status codes)
+RFC 3464 (Delivery status notifications)
+.SH "SECURITY"
+.na
+.nf
+.ad
+.fi
+The \fBqmgr\fR(8) daemon is not security sensitive. It reads
+single\-character messages from untrusted local users, and thus may
+be susceptible to denial of service attacks. The \fBqmgr\fR(8) daemon
+does not talk to the outside world, and it can be run at fixed low
+privilege in a chrooted environment.
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
+Corrupted message files are saved to the \fBcorrupt\fR queue
+for further inspection.
+
+Depending on the setting of the \fBnotify_classes\fR parameter,
+the postmaster is notified of bounces and of other trouble.
+.SH BUGS
+.ad
+.fi
+A single queue manager process has to compete for disk access with
+multiple front\-end processes such as \fBcleanup\fR(8). A sudden burst of
+inbound mail can negatively impact outbound delivery rates.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+Changes to \fBmain.cf\fR are not picked up automatically
+as \fBqmgr\fR(8)
+is a persistent process. Use the "\fBpostfix reload\fR" command after
+a configuration change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+
+In the text below, \fItransport\fR is the first field in a
+\fBmaster.cf\fR entry.
+.SH "COMPATIBILITY CONTROLS"
+.na
+.nf
+.ad
+.fi
+Available before Postfix version 2.5:
+.IP "\fBallow_min_user (no)\fR"
+Allow a sender or recipient address to have `\-' as the first
+character.
+.PP
+Available with Postfix version 2.7 and later:
+.IP "\fBdefault_filter_nexthop (empty)\fR"
+When a content_filter or FILTER request specifies no explicit
+next\-hop destination, use $default_filter_nexthop instead; when
+that value is empty, use the domain in the recipient address.
+.SH "ACTIVE QUEUE CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBqmgr_clog_warn_time (300s)\fR"
+The minimal delay between warnings that a specific destination is
+clogging up the Postfix active queue.
+.IP "\fBqmgr_message_active_limit (20000)\fR"
+The maximal number of messages in the active queue.
+.IP "\fBqmgr_message_recipient_limit (20000)\fR"
+The maximal number of recipients held in memory by the Postfix
+queue manager, and the maximal size of the short\-term,
+in\-memory "dead" destination status cache.
+.IP "\fBqmgr_message_recipient_minimum (10)\fR"
+The minimal number of in\-memory recipients for any message.
+.IP "\fBdefault_recipient_limit (20000)\fR"
+The default per\-transport upper limit on the number of in\-memory
+recipients.
+.IP "\fBtransport_recipient_limit ($default_recipient_limit)\fR"
+A transport\-specific override for the default_recipient_limit
+parameter value, where \fItransport\fR is the master.cf name of
+the message delivery transport.
+.IP "\fBdefault_extra_recipient_limit (1000)\fR"
+The default value for the extra per\-transport limit imposed on the
+number of in\-memory recipients.
+.IP "\fBtransport_extra_recipient_limit ($default_extra_recipient_limit)\fR"
+A transport\-specific override for the default_extra_recipient_limit
+parameter value, where \fItransport\fR is the master.cf name of
+the message delivery transport.
+.PP
+Available in Postfix version 2.4 and later:
+.IP "\fBdefault_recipient_refill_limit (100)\fR"
+The default per\-transport limit on the number of recipients refilled at
+once.
+.IP "\fBtransport_recipient_refill_limit ($default_recipient_refill_limit)\fR"
+A transport\-specific override for the default_recipient_refill_limit
+parameter value, where \fItransport\fR is the master.cf name of
+the message delivery transport.
+.IP "\fBdefault_recipient_refill_delay (5s)\fR"
+The default per\-transport maximum delay between recipients refills.
+.IP "\fBtransport_recipient_refill_delay ($default_recipient_refill_delay)\fR"
+A transport\-specific override for the default_recipient_refill_delay
+parameter value, where \fItransport\fR is the master.cf name of
+the message delivery transport.
+.SH "DELIVERY CONCURRENCY CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBinitial_destination_concurrency (5)\fR"
+The initial per\-destination concurrency level for parallel delivery
+to the same destination.
+.IP "\fBdefault_destination_concurrency_limit (20)\fR"
+The default maximal number of parallel deliveries to the same
+destination.
+.IP "\fBtransport_destination_concurrency_limit ($default_destination_concurrency_limit)\fR"
+A transport\-specific override for the
+default_destination_concurrency_limit parameter value, where
+\fItransport\fR is the master.cf name of the message delivery
+transport.
+.PP
+Available in Postfix version 2.5 and later:
+.IP "\fBtransport_initial_destination_concurrency ($initial_destination_concurrency)\fR"
+A transport\-specific override for the initial_destination_concurrency
+parameter value, where \fItransport\fR is the master.cf name of
+the message delivery transport.
+.IP "\fBdefault_destination_concurrency_failed_cohort_limit (1)\fR"
+How many pseudo\-cohorts must suffer connection or handshake
+failure before a specific destination is considered unavailable
+(and further delivery is suspended).
+.IP "\fBtransport_destination_concurrency_failed_cohort_limit ($default_destination_concurrency_failed_cohort_limit)\fR"
+A transport\-specific override for the
+default_destination_concurrency_failed_cohort_limit parameter value,
+where \fItransport\fR is the master.cf name of the message delivery
+transport.
+.IP "\fBdefault_destination_concurrency_negative_feedback (1)\fR"
+The per\-destination amount of delivery concurrency negative
+feedback, after a delivery completes with a connection or handshake
+failure.
+.IP "\fBtransport_destination_concurrency_negative_feedback ($default_destination_concurrency_negative_feedback)\fR"
+A transport\-specific override for the
+default_destination_concurrency_negative_feedback parameter value,
+where \fItransport\fR is the master.cf name of the message delivery
+transport.
+.IP "\fBdefault_destination_concurrency_positive_feedback (1)\fR"
+The per\-destination amount of delivery concurrency positive
+feedback, after a delivery completes without connection or handshake
+failure.
+.IP "\fBtransport_destination_concurrency_positive_feedback ($default_destination_concurrency_positive_feedback)\fR"
+A transport\-specific override for the
+default_destination_concurrency_positive_feedback parameter value,
+where \fItransport\fR is the master.cf name of the message delivery
+transport.
+.IP "\fBdestination_concurrency_feedback_debug (no)\fR"
+Make the queue manager's feedback algorithm verbose for performance
+analysis purposes.
+.SH "RECIPIENT SCHEDULING CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBdefault_destination_recipient_limit (50)\fR"
+The default maximal number of recipients per message delivery.
+.IP "\fBtransport_destination_recipient_limit ($default_destination_recipient_limit)\fR"
+A transport\-specific override for the
+default_destination_recipient_limit parameter value, where
+\fItransport\fR is the master.cf name of the message delivery
+transport.
+.SH "MESSAGE SCHEDULING CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBdefault_delivery_slot_cost (5)\fR"
+How often the Postfix queue manager's scheduler is allowed to
+preempt delivery of one message with another.
+.IP "\fBtransport_delivery_slot_cost ($default_delivery_slot_cost)\fR"
+A transport\-specific override for the default_delivery_slot_cost
+parameter value, where \fItransport\fR is the master.cf name of
+the message delivery transport.
+.IP "\fBdefault_minimum_delivery_slots (3)\fR"
+How many recipients a message must have in order to invoke the
+Postfix queue manager's scheduling algorithm at all.
+.IP "\fBtransport_minimum_delivery_slots ($default_minimum_delivery_slots)\fR"
+A transport\-specific override for the default_minimum_delivery_slots
+parameter value, where \fItransport\fR is the master.cf name of
+the message delivery transport.
+.IP "\fBdefault_delivery_slot_discount (50)\fR"
+The default value for transport\-specific _delivery_slot_discount
+settings.
+.IP "\fBtransport_delivery_slot_discount ($default_delivery_slot_discount)\fR"
+A transport\-specific override for the default_delivery_slot_discount
+parameter value, where \fItransport\fR is the master.cf name of
+the message delivery transport.
+.IP "\fBdefault_delivery_slot_loan (3)\fR"
+The default value for transport\-specific _delivery_slot_loan
+settings.
+.IP "\fBtransport_delivery_slot_loan ($default_delivery_slot_loan)\fR"
+A transport\-specific override for the default_delivery_slot_loan
+parameter value, where \fItransport\fR is the master.cf name of
+the message delivery transport.
+.SH "OTHER RESOURCE AND RATE CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBminimal_backoff_time (300s)\fR"
+The minimal time between attempts to deliver a deferred message;
+prior to Postfix 2.4 the default value was 1000s.
+.IP "\fBmaximal_backoff_time (4000s)\fR"
+The maximal time between attempts to deliver a deferred message.
+.IP "\fBmaximal_queue_lifetime (5d)\fR"
+Consider a message as undeliverable, when delivery fails with a
+temporary error, and the time in the queue has reached the
+maximal_queue_lifetime limit.
+.IP "\fBqueue_run_delay (300s)\fR"
+The time between deferred queue scans by the queue manager;
+prior to Postfix 2.4 the default value was 1000s.
+.IP "\fBtransport_retry_time (60s)\fR"
+The time between attempts by the Postfix queue manager to contact
+a malfunctioning message delivery transport.
+.PP
+Available in Postfix version 2.1 and later:
+.IP "\fBbounce_queue_lifetime (5d)\fR"
+Consider a bounce message as undeliverable, when delivery fails
+with a temporary error, and the time in the queue has reached the
+bounce_queue_lifetime limit.
+.PP
+Available in Postfix version 2.5 and later:
+.IP "\fBdefault_destination_rate_delay (0s)\fR"
+The default amount of delay that is inserted between individual
+message deliveries to the same destination and over the same message
+delivery transport.
+.IP "\fBtransport_destination_rate_delay ($default_destination_rate_delay)\fR"
+A transport\-specific override for the default_destination_rate_delay
+parameter value, where \fItransport\fR is the master.cf name of
+the message delivery transport.
+.PP
+Available in Postfix version 3.1 and later:
+.IP "\fBdefault_transport_rate_delay (0s)\fR"
+The default amount of delay that is inserted between individual
+message deliveries over the same message delivery transport,
+regardless of destination.
+.IP "\fBtransport_transport_rate_delay ($default_transport_rate_delay)\fR"
+A transport\-specific override for the default_transport_rate_delay
+parameter value, where the initial \fItransport\fR in the parameter
+name is the master.cf name of the message delivery transport.
+.SH "SAFETY CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBqmgr_daemon_timeout (1000s)\fR"
+How much time a Postfix queue manager process may take to handle
+a request before it is terminated by a built\-in watchdog timer.
+.IP "\fBqmgr_ipc_timeout (60s)\fR"
+The time limit for the queue manager to send or receive information
+over an internal communication channel.
+.PP
+Available in Postfix version 3.1 and later:
+.IP "\fBaddress_verify_pending_request_limit (see 'postconf -d' output)\fR"
+A safety limit that prevents address verification requests from
+overwhelming the Postfix queue.
+.SH "MISCELLANEOUS CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdefer_transports (empty)\fR"
+The names of message delivery transports that should not deliver mail
+unless someone issues "\fBsendmail \-q\fR" or equivalent.
+.IP "\fBdelay_logging_resolution_limit (2)\fR"
+The maximal number of digits after the decimal point when logging
+sub\-second delay values.
+.IP "\fBhelpful_warnings (yes)\fR"
+Log warnings about problematic configuration settings, and provide
+helpful suggestions.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix version 3.0 and later:
+.IP "\fBconfirm_delay_cleared (no)\fR"
+After sending a "your message is delayed" notification, inform
+the sender when the delay clears up.
+.PP
+Available in Postfix 3.3 and later:
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.PP
+Available in Postfix 3.5 and later:
+.IP "\fBinfo_log_address_format (external)\fR"
+The email address form that will be used in non\-debug logging
+(info, warning, etc.).
+.SH "FILES"
+.na
+.nf
+/var/spool/postfix/incoming, incoming queue
+/var/spool/postfix/active, active queue
+/var/spool/postfix/deferred, deferred queue
+/var/spool/postfix/bounce, non\-delivery status
+/var/spool/postfix/defer, non\-delivery status
+/var/spool/postfix/trace, delivery status
+.SH "SEE ALSO"
+.na
+.nf
+trivial\-rewrite(8), address routing
+bounce(8), delivery status reports
+postconf(5), configuration parameters
+master(5), generic daemon options
+master(8), process manager
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+SCHEDULER_README, scheduling algorithm
+QSHAPE_README, Postfix queue analysis
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Preemptive scheduler enhancements:
+Patrik Rak
+Modra 6
+155 00, Prague, Czech Republic
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man8/qmqpd.8 b/man/man8/qmqpd.8
new file mode 100644
index 0000000..9ee6267
--- /dev/null
+++ b/man/man8/qmqpd.8
@@ -0,0 +1,214 @@
+.TH QMQPD 8
+.ad
+.fi
+.SH NAME
+qmqpd
+\-
+Postfix QMQP server
+.SH "SYNOPSIS"
+.na
+.nf
+\fBqmqpd\fR [generic Postfix daemon options]
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix QMQP server receives one message per connection.
+Each message is piped through the \fBcleanup\fR(8)
+daemon, and is placed into the \fBincoming\fR queue as one
+single queue file. The program expects to be run from the
+\fBmaster\fR(8) process manager.
+
+The QMQP server implements one access policy: only explicitly
+authorized client hosts are allowed to use the service.
+.SH "SECURITY"
+.na
+.nf
+.ad
+.fi
+The QMQP server is moderately security\-sensitive. It talks to QMQP
+clients and to DNS servers on the network. The QMQP server can be
+run chrooted at fixed low privilege.
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
+.SH BUGS
+.ad
+.fi
+The QMQP protocol provides only one server reply per message
+delivery. It is therefore not possible to reject individual
+recipients.
+
+The QMQP protocol requires the server to receive the entire
+message before replying. If a message is malformed, or if any
+netstring component is longer than acceptable, Postfix replies
+immediately and closes the connection. It is left up to the
+client to handle the situation.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+Changes to \fBmain.cf\fR are picked up automatically, as \fBqmqpd\fR(8)
+processes run for only a limited amount of time. Use the command
+"\fBpostfix reload\fR" to speed up a change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.SH "CONTENT INSPECTION CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBcontent_filter (empty)\fR"
+After the message is queued, send the entire message to the
+specified \fItransport:destination\fR.
+.IP "\fBreceive_override_options (empty)\fR"
+Enable or disable recipient validation, built\-in content
+filtering, or address mapping.
+.SH "SMTPUTF8 CONTROLS"
+.na
+.nf
+.ad
+.fi
+Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
+.IP "\fBsmtputf8_enable (yes)\fR"
+Enable preliminary SMTPUTF8 support for the protocols described
+in RFC 6531..6533.
+.IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR"
+Detect that a message requires SMTPUTF8 support for the specified
+mail origin classes.
+.PP
+Available in Postfix version 3.2 and later:
+.IP "\fBenable_idna2003_compatibility (no)\fR"
+Enable 'transitional' compatibility between IDNA2003 and IDNA2008,
+when converting UTF\-8 domain names to/from the ASCII form that is
+used for DNS lookups.
+.SH "RESOURCE AND RATE CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBline_length_limit (2048)\fR"
+Upon input, long lines are chopped up into pieces of at most
+this length; upon delivery, long lines are reconstructed.
+.IP "\fBhopcount_limit (50)\fR"
+The maximal number of Received: message headers that is allowed
+in the primary message headers.
+.IP "\fBmessage_size_limit (10240000)\fR"
+The maximal size in bytes of a message, including envelope information.
+.IP "\fBqmqpd_timeout (300s)\fR"
+The time limit for sending or receiving information over the network.
+.SH "TROUBLE SHOOTING CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBdebug_peer_level (2)\fR"
+The increment in verbose logging level when a nexthop destination,
+remote client or server name or network address matches a pattern
+given with the debug_peer_list parameter.
+.IP "\fBdebug_peer_list (empty)\fR"
+Optional list of nexthop destination, remote client or server
+name or network address patterns that, if matched, cause the verbose
+logging level to increase by the amount specified in $debug_peer_level.
+.IP "\fBsoft_bounce (no)\fR"
+Safety net to keep mail queued that would otherwise be returned to
+the sender.
+.SH "TARPIT CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBqmqpd_error_delay (1s)\fR"
+How long the Postfix QMQP server will pause before sending a negative
+reply to the remote QMQP client.
+.SH "MISCELLANEOUS CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdaemon_timeout (18000s)\fR"
+How much time a Postfix daemon process may take to handle a
+request before it is terminated by a built\-in watchdog timer.
+.IP "\fBipc_timeout (3600s)\fR"
+The time limit for sending or receiving information over an internal
+communication channel.
+.IP "\fBmax_idle (100s)\fR"
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
+.IP "\fBmax_use (100)\fR"
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBqmqpd_authorized_clients (empty)\fR"
+What remote QMQP clients are allowed to connect to the Postfix QMQP
+server port.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.IP "\fBverp_delimiter_filter (\-=+)\fR"
+The characters Postfix accepts as VERP delimiter characters on the
+Postfix \fBsendmail\fR(1) command line and in SMTP commands.
+.PP
+Available in Postfix version 2.5 and later:
+.IP "\fBqmqpd_client_port_logging (no)\fR"
+Enable logging of the remote QMQP client port in addition to
+the hostname and IP address.
+.PP
+Available in Postfix 3.3 and later:
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.SH "SEE ALSO"
+.na
+.nf
+http://cr.yp.to/proto/qmqp.html, QMQP protocol
+cleanup(8), message canonicalization
+master(8), process manager
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+QMQP_README, Postfix ezmlm\-idx howto.
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+.ad
+.fi
+The qmqpd service was introduced with Postfix version 1.1.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man8/scache.8 b/man/man8/scache.8
new file mode 100644
index 0000000..7f9fe49
--- /dev/null
+++ b/man/man8/scache.8
@@ -0,0 +1,178 @@
+.TH SCACHE 8
+.ad
+.fi
+.SH NAME
+scache
+\-
+Postfix shared connection cache server
+.SH "SYNOPSIS"
+.na
+.nf
+\fBscache\fR [generic Postfix daemon options]
+.SH DESCRIPTION
+.ad
+.fi
+The \fBscache\fR(8) server maintains a shared multi\-connection
+cache. This information can be used by, for example, Postfix
+SMTP clients or other Postfix delivery agents.
+
+The connection cache is organized into logical destination
+names, physical endpoint names, and connections.
+
+As a specific example, logical SMTP destinations specify
+(transport, domain, port), and physical SMTP endpoints
+specify (transport, IP address, port). An SMTP connection
+may be saved after a successful mail transaction.
+
+In the general case, one logical destination may refer to
+zero or more physical endpoints, one physical endpoint may
+be referenced by zero or more logical destinations, and
+one endpoint may refer to zero or more connections.
+
+The exact syntax of a logical destination or endpoint name
+is application dependent; the \fBscache\fR(8) server does
+not care. A connection is stored as a file descriptor together
+with application\-dependent information that is needed to
+re\-activate a connection object. Again, the \fBscache\fR(8)
+server is completely unaware of the details of that
+information.
+
+All information is stored with a finite time to live (ttl).
+The connection cache daemon terminates when no client is
+connected for \fBmax_idle\fR time units.
+
+This server implements the following requests:
+.IP "\fBsave_endp\fI ttl endpoint endpoint_properties file_descriptor\fR"
+Save the specified file descriptor and connection property data
+under the specified endpoint name. The endpoint properties
+are used by the client to re\-activate a passivated connection
+object.
+.IP "\fBfind_endp\fI endpoint\fR"
+Look up cached properties and a cached file descriptor for the
+specified endpoint.
+.IP "\fBsave_dest\fI ttl destination destination_properties endpoint\fR"
+Save the binding between a logical destination and an
+endpoint under the destination name, together with destination
+specific connection properties. The destination properties
+are used by the client to re\-activate a passivated connection
+object.
+.IP "\fBfind_dest\fI destination\fR"
+Look up cached destination properties, cached endpoint properties,
+and a cached file descriptor for the specified logical destination.
+.SH "SECURITY"
+.na
+.nf
+.ad
+.fi
+The \fBscache\fR(8) server is not security\-sensitive. It does not
+talk to the network, and it does not talk to local users.
+The \fBscache\fR(8) server can run chrooted at fixed low privilege.
+
+The \fBscache\fR(8) server is not a trusted process. It must
+not be used to store information that is security sensitive.
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
+.SH BUGS
+.ad
+.fi
+The session cache cannot be shared among multiple machines.
+
+When a connection expires from the cache, it is closed without
+the appropriate protocol specific handshake.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+Changes to \fBmain.cf\fR are picked up automatically as \fBscache\fR(8)
+processes run for only a limited amount of time. Use the command
+"\fBpostfix reload\fR" to speed up a change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.SH "RESOURCE CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBconnection_cache_ttl_limit (2s)\fR"
+The maximal time\-to\-live value that the \fBscache\fR(8) connection
+cache server
+allows.
+.IP "\fBconnection_cache_status_update_time (600s)\fR"
+How frequently the \fBscache\fR(8) server logs usage statistics with
+connection cache hit and miss rates for logical destinations and for
+physical endpoints.
+.SH "MISCELLANEOUS CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdaemon_timeout (18000s)\fR"
+How much time a Postfix daemon process may take to handle a
+request before it is terminated by a built\-in watchdog timer.
+.IP "\fBipc_timeout (3600s)\fR"
+The time limit for sending or receiving information over an internal
+communication channel.
+.IP "\fBmax_idle (100s)\fR"
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix 3.3 and later:
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.SH "SEE ALSO"
+.na
+.nf
+smtp(8), SMTP client
+postconf(5), configuration parameters
+master(8), process manager
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+CONNECTION_CACHE_README, Postfix connection cache
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+This service was introduced with Postfix version 2.2.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man8/showq.8 b/man/man8/showq.8
new file mode 100644
index 0000000..624ae74
--- /dev/null
+++ b/man/man8/showq.8
@@ -0,0 +1,125 @@
+.TH SHOWQ 8
+.ad
+.fi
+.SH NAME
+showq
+\-
+list the Postfix mail queue
+.SH "SYNOPSIS"
+.na
+.nf
+\fBshowq\fR [generic Postfix daemon options]
+.SH DESCRIPTION
+.ad
+.fi
+The \fBshowq\fR(8) daemon reports the Postfix mail queue status.
+The output is meant to be formatted by the postqueue(1) command,
+as it emulates the Sendmail `mailq' command.
+
+The \fBshowq\fR(8) daemon can also be run in stand\-alone mode
+by the superuser. This mode of operation is used to emulate
+the `mailq' command while the Postfix mail system is down.
+.SH "SECURITY"
+.na
+.nf
+.ad
+.fi
+The \fBshowq\fR(8) daemon can run in a chroot jail at fixed low
+privilege, and takes no input from the client. Its service port
+is accessible to local untrusted users, so the service can be
+susceptible to denial of service attacks.
+.SH "STANDARDS"
+.na
+.nf
+.ad
+.fi
+None. The \fBshowq\fR(8) daemon does not interact with the
+outside world.
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+Changes to \fBmain.cf\fR are picked up automatically as \fBshowq\fR(8)
+processes run for only a limited amount of time. Use the command
+"\fBpostfix reload\fR" to speed up a change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdaemon_timeout (18000s)\fR"
+How much time a Postfix daemon process may take to handle a
+request before it is terminated by a built\-in watchdog timer.
+.IP "\fBduplicate_filter_limit (1000)\fR"
+The maximal number of addresses remembered by the address
+duplicate filter for \fBaliases\fR(5) or \fBvirtual\fR(5) alias expansion, or
+for \fBshowq\fR(8) queue displays.
+.IP "\fBempty_address_recipient (MAILER\-DAEMON)\fR"
+The recipient of mail addressed to the null address.
+.IP "\fBipc_timeout (3600s)\fR"
+The time limit for sending or receiving information over an internal
+communication channel.
+.IP "\fBmax_idle (100s)\fR"
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
+.IP "\fBmax_use (100)\fR"
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix version 2.9 and later:
+.IP "\fBenable_long_queue_ids (no)\fR"
+Enable long, non\-repeating, queue IDs (queue file names).
+.PP
+Available in Postfix 3.3 and later:
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.SH "FILES"
+.na
+.nf
+/var/spool/postfix, queue directories
+.SH "SEE ALSO"
+.na
+.nf
+pickup(8), local mail pickup service
+cleanup(8), canonicalize and enqueue mail
+qmgr(8), queue manager
+postconf(5), configuration parameters
+master(8), process manager
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man8/smtp.8 b/man/man8/smtp.8
new file mode 100644
index 0000000..e53a377
--- /dev/null
+++ b/man/man8/smtp.8
@@ -0,0 +1,999 @@
+.TH SMTP 8
+.ad
+.fi
+.SH NAME
+smtp
+\-
+Postfix SMTP+LMTP client
+.SH "SYNOPSIS"
+.na
+.nf
+\fBsmtp\fR [generic Postfix daemon options] [flags=DORX]
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix SMTP+LMTP client implements the SMTP and LMTP mail
+delivery protocols. It processes message delivery requests from
+the queue manager. Each request specifies a queue file, a sender
+address, a domain or host to deliver to, and recipient information.
+This program expects to be run from the \fBmaster\fR(8) process
+manager.
+
+The SMTP+LMTP client updates the queue file and marks recipients
+as finished, or it informs the queue manager that delivery should
+be tried again at a later time. Delivery status reports are sent
+to the \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemon as
+appropriate.
+
+The SMTP+LMTP client looks up a list of mail exchanger addresses for
+the destination host, sorts the list by preference, and connects
+to each listed address until it finds a server that responds.
+
+When a server is not reachable, or when mail delivery fails due
+to a recoverable error condition, the SMTP+LMTP client will try to
+deliver the mail to an alternate host.
+
+After a successful mail transaction, a connection may be saved
+to the \fBscache\fR(8) connection cache server, so that it
+may be used by any SMTP+LMTP client for a subsequent transaction.
+
+By default, connection caching is enabled temporarily for
+destinations that have a high volume of mail in the active
+queue. Connection caching can be enabled permanently for
+specific destinations.
+.SH "SMTP DESTINATION SYNTAX"
+.na
+.nf
+.ad
+.fi
+The Postfix SMTP+LMTP client supports multiple destinations
+separated by comma or whitespace (Postfix 3.5 and later).
+SMTP destinations have the following form:
+.IP \fIdomainname\fR
+.IP \fIdomainname\fR:\fIport\fR
+Look up the mail exchangers for the specified domain, and
+connect to the specified port (default: \fBsmtp\fR).
+.IP [\fIhostname\fR]
+.IP [\fIhostname\fR]:\fIport\fR
+Look up the address(es) of the specified host, and connect to
+the specified port (default: \fBsmtp\fR).
+.IP [\fIaddress\fR]
+.IP [\fIaddress\fR]:\fIport\fR
+Connect to the host at the specified address, and connect
+to the specified port (default: \fBsmtp\fR). An IPv6 address
+must be formatted as [\fBipv6\fR:\fIaddress\fR].
+.SH "LMTP DESTINATION SYNTAX"
+.na
+.nf
+.ad
+.fi
+The Postfix SMTP+LMTP client supports multiple destinations
+separated by comma or whitespace (Postfix 3.5 and later).
+LMTP destinations have the following form:
+.IP \fBunix\fR:\fIpathname\fR
+Connect to the local UNIX\-domain server that is bound to the specified
+\fIpathname\fR. If the process runs chrooted, an absolute pathname
+is interpreted relative to the Postfix queue directory.
+.IP \fBinet\fR:\fIhostname\fR
+.IP \fBinet\fR:\fIhostname\fR:\fIport\fR
+.IP \fBinet\fR:[\fIaddress\fR]
+.IP \fBinet\fR:[\fIaddress\fR]:\fIport\fR
+Connect to the specified TCP port on the specified local or
+remote host. If no port is specified, connect to the port defined as
+\fBlmtp\fR in \fBservices\fR(4).
+If no such service is found, the \fBlmtp_tcp_port\fR configuration
+parameter (default value of 24) will be used.
+An IPv6 address must be formatted as [\fBipv6\fR:\fIaddress\fR].
+.SH "SINGLE-RECIPIENT DELIVERY"
+.na
+.nf
+.ad
+.fi
+By default, the Postfix SMTP+LMTP client delivers mail to
+multiple recipients per delivery request. This is undesirable
+when prepending a \fBDelivered\-to:\fR or \fBX\-Original\-To:\fR
+message header. To prevent Postfix from sending multiple
+recipients per delivery request, specify
+.sp
+.nf
+ \fItransport\fB_destination_recipient_limit = 1\fR
+.fi
+
+in the Postfix \fBmain.cf\fR file, where \fItransport\fR
+is the name in the first column of the Postfix \fBmaster.cf\fR
+entry for this mail delivery service.
+.SH "COMMAND ATTRIBUTE SYNTAX"
+.na
+.nf
+.ad
+.fi
+.IP "\fBflags=DORX\fR (optional)"
+Optional message processing flags.
+.RS
+.IP \fBD\fR
+Prepend a "\fBDelivered\-To: \fIrecipient\fR" message header
+with the envelope recipient address. Note: for this to work,
+the \fItransport\fB_destination_recipient_limit\fR must be
+1 (see SINGLE\-RECIPIENT DELIVERY above for details).
+.sp
+The \fBD\fR flag also enforces loop detection: if a message
+already contains a \fBDelivered\-To:\fR header with the same
+recipient address, then the message is returned as
+undeliverable. The address comparison is case insensitive.
+.sp
+This feature is available as of Postfix 3.5.
+.IP \fBO\fR
+Prepend an "\fBX\-Original\-To: \fIrecipient\fR" message
+header with the recipient address as given to Postfix. Note:
+for this to work, the
+\fItransport\fB_destination_recipient_limit\fR must be 1
+(see SINGLE\-RECIPIENT DELIVERY above for details).
+.sp
+This feature is available as of Postfix 3.5.
+.IP \fBR\fR
+Prepend a "\fBReturn\-Path: <\fIsender\fB>\fR" message header
+with the envelope sender address.
+.sp
+This feature is available as of Postfix 3.5.
+.IP \fBX\fR
+Indicates that the delivery is final. This flag affects
+the status reported in "success" DSN (delivery status
+notification) messages, and changes it from "relayed" into
+"delivered".
+.sp
+This feature is available as of Postfix 3.5.
+.RE
+.SH "SECURITY"
+.na
+.nf
+The SMTP+LMTP client is moderately security\-sensitive. It
+talks to SMTP or LMTP servers and to DNS servers on the
+network. The SMTP+LMTP client can be run chrooted at fixed
+low privilege.
+.SH "STANDARDS"
+.na
+.nf
+RFC 821 (SMTP protocol)
+RFC 822 (ARPA Internet Text Messages)
+RFC 1651 (SMTP service extensions)
+RFC 1652 (8bit\-MIME transport)
+RFC 1870 (Message Size Declaration)
+RFC 2033 (LMTP protocol)
+RFC 2034 (SMTP Enhanced Error Codes)
+RFC 2045 (MIME: Format of Internet Message Bodies)
+RFC 2046 (MIME: Media Types)
+RFC 2554 (AUTH command)
+RFC 2821 (SMTP protocol)
+RFC 2782 (SRV resource records)
+RFC 2920 (SMTP Pipelining)
+RFC 3207 (STARTTLS command)
+RFC 3461 (SMTP DSN Extension)
+RFC 3463 (Enhanced Status Codes)
+RFC 4954 (AUTH command)
+RFC 5321 (SMTP protocol)
+RFC 6531 (Internationalized SMTP)
+RFC 6533 (Internationalized Delivery Status Notifications)
+RFC 7672 (SMTP security via opportunistic DANE TLS)
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
+Corrupted message files are marked so that the queue manager can
+move them to the \fBcorrupt\fR queue for further inspection.
+
+Depending on the setting of the \fBnotify_classes\fR parameter,
+the postmaster is notified of bounces, protocol problems, and of
+other trouble.
+.SH BUGS
+.ad
+.fi
+SMTP and LMTP connection reuse for TLS (without closing the
+SMTP or LMTP connection) is not supported before Postfix 3.4.
+
+SMTP and LMTP connection reuse assumes that SASL credentials
+are valid for all destinations that map onto the same IP
+address and TCP port.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+Before Postfix version 2.3, the LMTP client is a separate
+program that implements only a subset of the functionality
+available with SMTP: there is no support for TLS, and
+connections are cached in\-process, making it ineffective
+when the client is used for multiple domains.
+
+Most smtp_\fIxxx\fR configuration parameters have an
+lmtp_\fIxxx\fR "mirror" parameter for the equivalent LMTP
+feature. This document describes only those LMTP\-related
+parameters that aren't simply "mirror" parameters.
+
+Changes to \fBmain.cf\fR are picked up automatically, as \fBsmtp\fR(8)
+processes run for only a limited amount of time. Use the command
+"\fBpostfix reload\fR" to speed up a change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.SH "COMPATIBILITY CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBignore_mx_lookup_error (no)\fR"
+Ignore DNS MX lookups that produce no response.
+.IP "\fBsmtp_always_send_ehlo (yes)\fR"
+Always send EHLO at the start of an SMTP session.
+.IP "\fBsmtp_never_send_ehlo (no)\fR"
+Never send EHLO at the start of an SMTP session.
+.IP "\fBsmtp_defer_if_no_mx_address_found (no)\fR"
+Defer mail delivery when no MX record resolves to an IP address.
+.IP "\fBsmtp_line_length_limit (998)\fR"
+The maximal length of message header and body lines that Postfix
+will send via SMTP.
+.IP "\fBsmtp_pix_workaround_delay_time (10s)\fR"
+How long the Postfix SMTP client pauses before sending
+".<CR><LF>" in order to work around the PIX firewall
+"<CR><LF>.<CR><LF>" bug.
+.IP "\fBsmtp_pix_workaround_threshold_time (500s)\fR"
+How long a message must be queued before the Postfix SMTP client
+turns on the PIX firewall "<CR><LF>.<CR><LF>"
+bug workaround for delivery through firewalls with "smtp fixup"
+mode turned on.
+.IP "\fBsmtp_pix_workarounds (disable_esmtp, delay_dotcrlf)\fR"
+A list that specifies zero or more workarounds for CISCO PIX
+firewall bugs.
+.IP "\fBsmtp_pix_workaround_maps (empty)\fR"
+Lookup tables, indexed by the remote SMTP server address, with
+per\-destination workarounds for CISCO PIX firewall bugs.
+.IP "\fBsmtp_quote_rfc821_envelope (yes)\fR"
+Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands
+as required
+by RFC 5321.
+.IP "\fBsmtp_reply_filter (empty)\fR"
+A mechanism to transform replies from remote SMTP servers one
+line at a time.
+.IP "\fBsmtp_skip_5xx_greeting (yes)\fR"
+Skip remote SMTP servers that greet with a 5XX status code.
+.IP "\fBsmtp_skip_quit_response (yes)\fR"
+Do not wait for the response to the SMTP QUIT command.
+.PP
+Available in Postfix version 2.0 and earlier:
+.IP "\fBsmtp_skip_4xx_greeting (yes)\fR"
+Skip SMTP servers that greet with a 4XX status code (go away, try
+again later).
+.PP
+Available in Postfix version 2.2 and later:
+.IP "\fBsmtp_discard_ehlo_keyword_address_maps (empty)\fR"
+Lookup tables, indexed by the remote SMTP server address, with
+case insensitive lists of EHLO keywords (pipelining, starttls, auth,
+etc.) that the Postfix SMTP client will ignore in the EHLO response from a
+remote SMTP server.
+.IP "\fBsmtp_discard_ehlo_keywords (empty)\fR"
+A case insensitive list of EHLO keywords (pipelining, starttls,
+auth, etc.) that the Postfix SMTP client will ignore in the EHLO
+response from a remote SMTP server.
+.IP "\fBsmtp_generic_maps (empty)\fR"
+Optional lookup tables that perform address rewriting in the
+Postfix SMTP client, typically to transform a locally valid address into
+a globally valid address when sending mail across the Internet.
+.PP
+Available in Postfix version 2.2.9 and later:
+.IP "\fBsmtp_cname_overrides_servername (version dependent)\fR"
+When the remote SMTP servername is a DNS CNAME, replace the
+servername with the result from CNAME expansion for the purpose of
+logging, SASL password lookup, TLS
+policy decisions, or TLS certificate verification.
+.PP
+Available in Postfix version 2.3 and later:
+.IP "\fBlmtp_discard_lhlo_keyword_address_maps (empty)\fR"
+Lookup tables, indexed by the remote LMTP server address, with
+case insensitive lists of LHLO keywords (pipelining, starttls,
+auth, etc.) that the Postfix LMTP client will ignore in the LHLO
+response
+from a remote LMTP server.
+.IP "\fBlmtp_discard_lhlo_keywords (empty)\fR"
+A case insensitive list of LHLO keywords (pipelining, starttls,
+auth, etc.) that the Postfix LMTP client will ignore in the LHLO
+response
+from a remote LMTP server.
+.PP
+Available in Postfix version 2.4.4 and later:
+.IP "\fBsend_cyrus_sasl_authzid (no)\fR"
+When authenticating to a remote SMTP or LMTP server with the
+default setting "no", send no SASL authoriZation ID (authzid); send
+only the SASL authentiCation ID (authcid) plus the authcid's password.
+.PP
+Available in Postfix version 2.5 and later:
+.IP "\fBsmtp_header_checks (empty)\fR"
+Restricted \fBheader_checks\fR(5) tables for the Postfix SMTP client.
+.IP "\fBsmtp_mime_header_checks (empty)\fR"
+Restricted \fBmime_header_checks\fR(5) tables for the Postfix SMTP
+client.
+.IP "\fBsmtp_nested_header_checks (empty)\fR"
+Restricted \fBnested_header_checks\fR(5) tables for the Postfix SMTP
+client.
+.IP "\fBsmtp_body_checks (empty)\fR"
+Restricted \fBbody_checks\fR(5) tables for the Postfix SMTP client.
+.PP
+Available in Postfix version 2.6 and later:
+.IP "\fBtcp_windowsize (0)\fR"
+An optional workaround for routers that break TCP window scaling.
+.PP
+Available in Postfix version 2.8 and later:
+.IP "\fBsmtp_dns_resolver_options (empty)\fR"
+DNS Resolver options for the Postfix SMTP client.
+.PP
+Available in Postfix version 2.9 \- 3.6:
+.IP "\fBsmtp_per_record_deadline (no)\fR"
+Change the behavior of the smtp_*_timeout time limits, from a
+time limit per read or write system call, to a time limit to send
+or receive a complete record (an SMTP command line, SMTP response
+line, SMTP message content line, or TLS protocol message).
+.PP
+Available in Postfix version 2.9 and later:
+.IP "\fBsmtp_send_dummy_mail_auth (no)\fR"
+Whether or not to append the "AUTH=<>" option to the MAIL
+FROM command in SASL\-authenticated SMTP sessions.
+.PP
+Available in Postfix version 2.11 and later:
+.IP "\fBsmtp_dns_support_level (empty)\fR"
+Level of DNS support in the Postfix SMTP client.
+.PP
+Available in Postfix version 3.0 and later:
+.IP "\fBsmtp_delivery_status_filter ($default_delivery_status_filter)\fR"
+Optional filter for the \fBsmtp\fR(8) delivery agent to change the
+delivery status code or explanatory text of successful or unsuccessful
+deliveries.
+.IP "\fBsmtp_dns_reply_filter (empty)\fR"
+Optional filter for Postfix SMTP client DNS lookup results.
+.PP
+Available in Postfix version 3.3 and later:
+.IP "\fBsmtp_balance_inet_protocols (yes)\fR"
+When a remote destination resolves to a combination of IPv4 and
+IPv6 addresses, ensure that the Postfix SMTP client can try both
+address types before it runs into the smtp_mx_address_limit.
+.PP
+Available in Postfix 3.5 and later:
+.IP "\fBinfo_log_address_format (external)\fR"
+The email address form that will be used in non\-debug logging
+(info, warning, etc.).
+.PP
+Available in Postfix 3.6 and later:
+.IP "\fBdnssec_probe (ns:.)\fR"
+The DNS query type (default: "ns") and DNS query name (default:
+".") that Postfix may use to determine whether DNSSEC validation
+is available.
+.IP "\fBknown_tcp_ports (lmtp=24, smtp=25, smtps=submissions=465, submission=587)\fR"
+Optional setting that avoids lookups in the \fBservices\fR(5) database.
+.PP
+Available in Postfix version 3.7 and later:
+.IP "\fBsmtp_per_request_deadline (no)\fR"
+Change the behavior of the smtp_*_timeout time limits, from a
+time limit per plaintext or TLS read or write call, to a combined
+time limit for sending a complete SMTP request and for receiving a
+complete SMTP response.
+.IP "\fBsmtp_min_data_rate (500)\fR"
+The minimum plaintext data transfer rate in bytes/second for
+DATA requests, when deadlines are enabled with smtp_per_request_deadline.
+.IP "\fBheader_from_format (standard)\fR"
+The format of the Postfix\-generated \fBFrom:\fR header.
+.PP
+Available in Postfix version 3.8 and later:
+.IP "\fBuse_srv_lookup (empty)\fR"
+Enables discovery for the specified service(s) using DNS SRV
+records.
+.IP "\fBignore_srv_lookup_error (no)\fR"
+When SRV record lookup fails, fall back to MX or IP address
+lookup as if SRV record lookup was not enabled.
+.IP "\fBallow_srv_lookup_fallback (no)\fR"
+When SRV record lookup fails or no SRV record exists, fall back
+to MX or IP address lookup as if SRV record lookup was not enabled.
+.SH "MIME PROCESSING CONTROLS"
+.na
+.nf
+.ad
+.fi
+Available in Postfix version 2.0 and later:
+.IP "\fBdisable_mime_output_conversion (no)\fR"
+Disable the conversion of 8BITMIME format to 7BIT format.
+.IP "\fBmime_boundary_length_limit (2048)\fR"
+The maximal length of MIME multipart boundary strings.
+.IP "\fBmime_nesting_limit (100)\fR"
+The maximal recursion level that the MIME processor will handle.
+.SH "EXTERNAL CONTENT INSPECTION CONTROLS"
+.na
+.nf
+.ad
+.fi
+Available in Postfix version 2.1 and later:
+.IP "\fBsmtp_send_xforward_command (no)\fR"
+Send the non\-standard XFORWARD command when the Postfix SMTP server
+EHLO response announces XFORWARD support.
+.SH "SASL AUTHENTICATION CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBsmtp_sasl_auth_enable (no)\fR"
+Enable SASL authentication in the Postfix SMTP client.
+.IP "\fBsmtp_sasl_password_maps (empty)\fR"
+Optional Postfix SMTP client lookup tables with one username:password
+entry per sender, remote hostname or next\-hop domain.
+.IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR"
+Postfix SMTP client SASL security options; as of Postfix 2.3
+the list of available
+features depends on the SASL client implementation that is selected
+with \fBsmtp_sasl_type\fR.
+.PP
+Available in Postfix version 2.2 and later:
+.IP "\fBsmtp_sasl_mechanism_filter (empty)\fR"
+If non\-empty, a Postfix SMTP client filter for the remote SMTP
+server's list of offered SASL mechanisms.
+.PP
+Available in Postfix version 2.3 and later:
+.IP "\fBsmtp_sender_dependent_authentication (no)\fR"
+Enable sender\-dependent authentication in the Postfix SMTP client; this is
+available only with SASL authentication, and disables SMTP connection
+caching to ensure that mail from different senders will use the
+appropriate credentials.
+.IP "\fBsmtp_sasl_path (empty)\fR"
+Implementation\-specific information that the Postfix SMTP client
+passes through to
+the SASL plug\-in implementation that is selected with
+\fBsmtp_sasl_type\fR.
+.IP "\fBsmtp_sasl_type (cyrus)\fR"
+The SASL plug\-in type that the Postfix SMTP client should use
+for authentication.
+.PP
+Available in Postfix version 2.5 and later:
+.IP "\fBsmtp_sasl_auth_cache_name (empty)\fR"
+An optional table to prevent repeated SASL authentication
+failures with the same remote SMTP server hostname, username and
+password.
+.IP "\fBsmtp_sasl_auth_cache_time (90d)\fR"
+The maximal age of an smtp_sasl_auth_cache_name entry before it
+is removed.
+.IP "\fBsmtp_sasl_auth_soft_bounce (yes)\fR"
+When a remote SMTP server rejects a SASL authentication request
+with a 535 reply code, defer mail delivery instead of returning
+mail as undeliverable.
+.PP
+Available in Postfix version 2.9 and later:
+.IP "\fBsmtp_send_dummy_mail_auth (no)\fR"
+Whether or not to append the "AUTH=<>" option to the MAIL
+FROM command in SASL\-authenticated SMTP sessions.
+.SH "STARTTLS SUPPORT CONTROLS"
+.na
+.nf
+.ad
+.fi
+Detailed information about STARTTLS configuration may be found
+in the TLS_README document.
+.IP "\fBsmtp_tls_security_level (empty)\fR"
+The default SMTP TLS security level for the Postfix SMTP client.
+.IP "\fBsmtp_sasl_tls_security_options ($smtp_sasl_security_options)\fR"
+The SASL authentication security options that the Postfix SMTP
+client uses for TLS encrypted SMTP sessions.
+.IP "\fBsmtp_starttls_timeout (300s)\fR"
+Time limit for Postfix SMTP client write and read operations
+during TLS startup and shutdown handshake procedures.
+.IP "\fBsmtp_tls_CAfile (empty)\fR"
+A file containing CA certificates of root CAs trusted to sign
+either remote SMTP server certificates or intermediate CA certificates.
+.IP "\fBsmtp_tls_CApath (empty)\fR"
+Directory with PEM format Certification Authority certificates
+that the Postfix SMTP client uses to verify a remote SMTP server
+certificate.
+.IP "\fBsmtp_tls_cert_file (empty)\fR"
+File with the Postfix SMTP client RSA certificate in PEM format.
+.IP "\fBsmtp_tls_mandatory_ciphers (medium)\fR"
+The minimum TLS cipher grade that the Postfix SMTP client will
+use with
+mandatory TLS encryption.
+.IP "\fBsmtp_tls_exclude_ciphers (empty)\fR"
+List of ciphers or cipher types to exclude from the Postfix
+SMTP client cipher
+list at all TLS security levels.
+.IP "\fBsmtp_tls_mandatory_exclude_ciphers (empty)\fR"
+Additional list of ciphers or cipher types to exclude from the
+Postfix SMTP client cipher list at mandatory TLS security levels.
+.IP "\fBsmtp_tls_dcert_file (empty)\fR"
+File with the Postfix SMTP client DSA certificate in PEM format.
+.IP "\fBsmtp_tls_dkey_file ($smtp_tls_dcert_file)\fR"
+File with the Postfix SMTP client DSA private key in PEM format.
+.IP "\fBsmtp_tls_key_file ($smtp_tls_cert_file)\fR"
+File with the Postfix SMTP client RSA private key in PEM format.
+.IP "\fBsmtp_tls_loglevel (0)\fR"
+Enable additional Postfix SMTP client logging of TLS activity.
+.IP "\fBsmtp_tls_note_starttls_offer (no)\fR"
+Log the hostname of a remote SMTP server that offers STARTTLS,
+when TLS is not already enabled for that server.
+.IP "\fBsmtp_tls_policy_maps (empty)\fR"
+Optional lookup tables with the Postfix SMTP client TLS security
+policy by next\-hop destination; when a non\-empty value is specified,
+this overrides the obsolete smtp_tls_per_site parameter.
+.IP "\fBsmtp_tls_mandatory_protocols (see 'postconf -d' output)\fR"
+TLS protocols that the Postfix SMTP client will use with mandatory
+TLS encryption.
+.IP "\fBsmtp_tls_scert_verifydepth (9)\fR"
+The verification depth for remote SMTP server certificates.
+.IP "\fBsmtp_tls_secure_cert_match (nexthop, dot\-nexthop)\fR"
+How the Postfix SMTP client verifies the server certificate
+peername for the "secure" TLS security level.
+.IP "\fBsmtp_tls_session_cache_database (empty)\fR"
+Name of the file containing the optional Postfix SMTP client
+TLS session cache.
+.IP "\fBsmtp_tls_session_cache_timeout (3600s)\fR"
+The expiration time of Postfix SMTP client TLS session cache
+information.
+.IP "\fBsmtp_tls_verify_cert_match (hostname)\fR"
+How the Postfix SMTP client verifies the server certificate
+peername for the
+"verify" TLS security level.
+.IP "\fBtls_daemon_random_bytes (32)\fR"
+The number of pseudo\-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8)
+process requests from the \fBtlsmgr\fR(8) server in order to seed its
+internal pseudo random number generator (PRNG).
+.IP "\fBtls_high_cipherlist (see 'postconf -d' output)\fR"
+The OpenSSL cipherlist for "high" grade ciphers.
+.IP "\fBtls_medium_cipherlist (see 'postconf -d' output)\fR"
+The OpenSSL cipherlist for "medium" or higher grade ciphers.
+.IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR"
+The OpenSSL cipherlist for "NULL" grade ciphers that provide
+authentication without encryption.
+.PP
+Available in in Postfix version 2.3..3.7:
+.IP "\fBtls_low_cipherlist (see 'postconf -d' output)\fR"
+The OpenSSL cipherlist for "low" or higher grade ciphers.
+.IP "\fBtls_export_cipherlist (see 'postconf -d' output)\fR"
+The OpenSSL cipherlist for "export" or higher grade ciphers.
+.PP
+Available in Postfix version 2.4 and later:
+.IP "\fBsmtp_sasl_tls_verified_security_options ($smtp_sasl_tls_security_options)\fR"
+The SASL authentication security options that the Postfix SMTP
+client uses for TLS encrypted SMTP sessions with a verified server
+certificate.
+.PP
+Available in Postfix version 2.5 and later:
+.IP "\fBsmtp_tls_fingerprint_cert_match (empty)\fR"
+List of acceptable remote SMTP server certificate fingerprints for
+the "fingerprint" TLS security level (\fBsmtp_tls_security_level\fR =
+fingerprint).
+.IP "\fBsmtp_tls_fingerprint_digest (see 'postconf -d' output)\fR"
+The message digest algorithm used to construct remote SMTP server
+certificate fingerprints.
+.PP
+Available in Postfix version 2.6 and later:
+.IP "\fBsmtp_tls_protocols (see postconf -d output)\fR"
+TLS protocols that the Postfix SMTP client will use with
+opportunistic TLS encryption.
+.IP "\fBsmtp_tls_ciphers (medium)\fR"
+The minimum TLS cipher grade that the Postfix SMTP client
+will use with opportunistic TLS encryption.
+.IP "\fBsmtp_tls_eccert_file (empty)\fR"
+File with the Postfix SMTP client ECDSA certificate in PEM format.
+.IP "\fBsmtp_tls_eckey_file ($smtp_tls_eccert_file)\fR"
+File with the Postfix SMTP client ECDSA private key in PEM format.
+.PP
+Available in Postfix version 2.7 and later:
+.IP "\fBsmtp_tls_block_early_mail_reply (no)\fR"
+Try to detect a mail hijacking attack based on a TLS protocol
+vulnerability (CVE\-2009\-3555), where an attacker prepends malicious
+HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session.
+.PP
+Available in Postfix version 2.8 and later:
+.IP "\fBtls_disable_workarounds (see 'postconf -d' output)\fR"
+List or bit\-mask of OpenSSL bug work\-arounds to disable.
+.PP
+Available in Postfix version 2.11\-3.1:
+.IP "\fBtls_dane_digest_agility (on)\fR"
+Configure RFC7671 DANE TLSA digest algorithm agility.
+.IP "\fBtls_dane_trust_anchor_digest_enable (yes)\fR"
+Enable support for RFC 6698 (DANE TLSA) DNS records that contain
+digests of trust\-anchors with certificate usage "2".
+.PP
+Available in Postfix version 2.11 and later:
+.IP "\fBsmtp_tls_trust_anchor_file (empty)\fR"
+Zero or more PEM\-format files with trust\-anchor certificates
+and/or public keys.
+.IP "\fBsmtp_tls_force_insecure_host_tlsa_lookup (no)\fR"
+Lookup the associated DANE TLSA RRset even when a hostname is
+not an alias and its address records lie in an unsigned zone.
+.IP "\fBtlsmgr_service_name (tlsmgr)\fR"
+The name of the \fBtlsmgr\fR(8) service entry in master.cf.
+.PP
+Available in Postfix version 3.0 and later:
+.IP "\fBsmtp_tls_wrappermode (no)\fR"
+Request that the Postfix SMTP client connects using the
+SUBMISSIONS/SMTPS protocol instead of using the STARTTLS command.
+.PP
+Available in Postfix version 3.1 and later:
+.IP "\fBsmtp_tls_dane_insecure_mx_policy (see 'postconf -d' output)\fR"
+The TLS policy for MX hosts with "secure" TLSA records when the
+nexthop destination security level is \fBdane\fR, but the MX
+record was found via an "insecure" MX lookup.
+.PP
+Available in Postfix version 3.2 and later:
+.IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR"
+The prioritized list of elliptic curves supported by the Postfix
+SMTP client and server.
+.PP
+Available in Postfix version 3.4 and later:
+.IP "\fBsmtp_tls_connection_reuse (no)\fR"
+Try to make multiple deliveries per TLS\-encrypted connection.
+.IP "\fBsmtp_tls_chain_files (empty)\fR"
+List of one or more PEM files, each holding one or more private keys
+directly followed by a corresponding certificate chain.
+.IP "\fBsmtp_tls_servername (empty)\fR"
+Optional name to send to the remote SMTP server in the TLS Server
+Name Indication (SNI) extension.
+.PP
+Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
+.IP "\fBtls_fast_shutdown_enable (yes)\fR"
+A workaround for implementations that hang Postfix while shutting
+down a TLS session, until Postfix times out.
+.PP
+Available in Postfix version 3.8 and later:
+.IP "\fBtls_ffdhe_auto_groups (see 'postconf -d' output)\fR"
+The prioritized list of finite\-field Diffie\-Hellman ephemeral
+(FFDHE) key exchange groups supported by the Postfix SMTP client and
+server.
+.PP
+Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later:
+.IP "\fBtls_config_file (default)\fR"
+Optional configuration file with baseline OpenSSL settings.
+.IP "\fBtls_config_name (empty)\fR"
+The application name passed by Postfix to OpenSSL library
+initialization functions.
+.SH "OBSOLETE STARTTLS CONTROLS"
+.na
+.nf
+.ad
+.fi
+The following configuration parameters exist for compatibility
+with Postfix versions before 2.3. Support for these will
+be removed in a future release.
+.IP "\fBsmtp_use_tls (no)\fR"
+Opportunistic mode: use TLS when a remote SMTP server announces
+STARTTLS support, otherwise send the mail in the clear.
+.IP "\fBsmtp_enforce_tls (no)\fR"
+Enforcement mode: require that remote SMTP servers use TLS
+encryption, and never send mail in the clear.
+.IP "\fBsmtp_tls_enforce_peername (yes)\fR"
+With mandatory TLS encryption, require that the remote SMTP
+server hostname matches the information in the remote SMTP server
+certificate.
+.IP "\fBsmtp_tls_per_site (empty)\fR"
+Optional lookup tables with the Postfix SMTP client TLS usage
+policy by next\-hop destination and by remote SMTP server hostname.
+.IP "\fBsmtp_tls_cipherlist (empty)\fR"
+Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
+cipher list.
+.SH "RESOURCE AND RATE CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBsmtp_connect_timeout (30s)\fR"
+The Postfix SMTP client time limit for completing a TCP connection, or
+zero (use the operating system built\-in time limit).
+.IP "\fBsmtp_helo_timeout (300s)\fR"
+The Postfix SMTP client time limit for sending the HELO or EHLO command,
+and for receiving the initial remote SMTP server response.
+.IP "\fBlmtp_lhlo_timeout (300s)\fR"
+The Postfix LMTP client time limit for sending the LHLO command,
+and for receiving the initial remote LMTP server response.
+.IP "\fBsmtp_xforward_timeout (300s)\fR"
+The Postfix SMTP client time limit for sending the XFORWARD command,
+and for receiving the remote SMTP server response.
+.IP "\fBsmtp_mail_timeout (300s)\fR"
+The Postfix SMTP client time limit for sending the MAIL FROM command,
+and for receiving the remote SMTP server response.
+.IP "\fBsmtp_rcpt_timeout (300s)\fR"
+The Postfix SMTP client time limit for sending the SMTP RCPT TO
+command, and for receiving the remote SMTP server response.
+.IP "\fBsmtp_data_init_timeout (120s)\fR"
+The Postfix SMTP client time limit for sending the SMTP DATA command,
+and for receiving the remote SMTP server response.
+.IP "\fBsmtp_data_xfer_timeout (180s)\fR"
+The Postfix SMTP client time limit for sending the SMTP message content.
+.IP "\fBsmtp_data_done_timeout (600s)\fR"
+The Postfix SMTP client time limit for sending the SMTP ".", and
+for receiving the remote SMTP server response.
+.IP "\fBsmtp_quit_timeout (300s)\fR"
+The Postfix SMTP client time limit for sending the QUIT command,
+and for receiving the remote SMTP server response.
+.PP
+Available in Postfix version 2.1 and later:
+.IP "\fBsmtp_mx_address_limit (5)\fR"
+The maximal number of MX (mail exchanger) IP addresses that can
+result from Postfix SMTP client mail exchanger lookups, or zero (no
+limit).
+.IP "\fBsmtp_mx_session_limit (2)\fR"
+The maximal number of SMTP sessions per delivery request before
+the Postfix SMTP client
+gives up or delivers to a fall\-back relay host, or zero (no
+limit).
+.IP "\fBsmtp_rset_timeout (20s)\fR"
+The Postfix SMTP client time limit for sending the RSET command,
+and for receiving the remote SMTP server response.
+.PP
+Available in Postfix version 2.2 and earlier:
+.IP "\fBlmtp_cache_connection (yes)\fR"
+Keep Postfix LMTP client connections open for up to $max_idle
+seconds.
+.PP
+Available in Postfix version 2.2 and later:
+.IP "\fBsmtp_connection_cache_destinations (empty)\fR"
+Permanently enable SMTP connection caching for the specified
+destinations.
+.IP "\fBsmtp_connection_cache_on_demand (yes)\fR"
+Temporarily enable SMTP connection caching while a destination
+has a high volume of mail in the active queue.
+.IP "\fBsmtp_connection_reuse_time_limit (300s)\fR"
+The amount of time during which Postfix will use an SMTP
+connection repeatedly.
+.IP "\fBsmtp_connection_cache_time_limit (2s)\fR"
+When SMTP connection caching is enabled, the amount of time that
+an unused SMTP client socket is kept open before it is closed.
+.PP
+Available in Postfix version 2.3 and later:
+.IP "\fBconnection_cache_protocol_timeout (5s)\fR"
+Time limit for connection cache connect, send or receive
+operations.
+.PP
+Available in Postfix version 2.9 \- 3.6:
+.IP "\fBsmtp_per_record_deadline (no)\fR"
+Change the behavior of the smtp_*_timeout time limits, from a
+time limit per read or write system call, to a time limit to send
+or receive a complete record (an SMTP command line, SMTP response
+line, SMTP message content line, or TLS protocol message).
+.PP
+Available in Postfix version 2.11 and later:
+.IP "\fBsmtp_connection_reuse_count_limit (0)\fR"
+When SMTP connection caching is enabled, the number of times
+that an SMTP session may be reused before it is closed, or zero (no
+limit).
+.PP
+Available in Postfix version 3.4 and later:
+.IP "\fBsmtp_tls_connection_reuse (no)\fR"
+Try to make multiple deliveries per TLS\-encrypted connection.
+.PP
+Available in Postfix version 3.7 and later:
+.IP "\fBsmtp_per_request_deadline (no)\fR"
+Change the behavior of the smtp_*_timeout time limits, from a
+time limit per plaintext or TLS read or write call, to a combined
+time limit for sending a complete SMTP request and for receiving a
+complete SMTP response.
+.IP "\fBsmtp_min_data_rate (500)\fR"
+The minimum plaintext data transfer rate in bytes/second for
+DATA requests, when deadlines are enabled with smtp_per_request_deadline.
+.PP
+Implemented in the qmgr(8) daemon:
+.IP "\fBtransport_destination_concurrency_limit ($default_destination_concurrency_limit)\fR"
+A transport\-specific override for the
+default_destination_concurrency_limit parameter value, where
+\fItransport\fR is the master.cf name of the message delivery
+transport.
+.IP "\fBtransport_destination_recipient_limit ($default_destination_recipient_limit)\fR"
+A transport\-specific override for the
+default_destination_recipient_limit parameter value, where
+\fItransport\fR is the master.cf name of the message delivery
+transport.
+.SH "SMTPUTF8 CONTROLS"
+.na
+.nf
+.ad
+.fi
+Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
+.IP "\fBsmtputf8_enable (yes)\fR"
+Enable preliminary SMTPUTF8 support for the protocols described
+in RFC 6531, RFC 6532, and RFC 6533.
+.IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR"
+Detect that a message requires SMTPUTF8 support for the specified
+mail origin classes.
+.PP
+Available in Postfix version 3.2 and later:
+.IP "\fBenable_idna2003_compatibility (no)\fR"
+Enable 'transitional' compatibility between IDNA2003 and IDNA2008,
+when converting UTF\-8 domain names to/from the ASCII form that is
+used for DNS lookups.
+.SH "TROUBLE SHOOTING CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBdebug_peer_level (2)\fR"
+The increment in verbose logging level when a nexthop destination,
+remote client or server name or network address matches a pattern
+given with the debug_peer_list parameter.
+.IP "\fBdebug_peer_list (empty)\fR"
+Optional list of nexthop destination, remote client or server
+name or network address patterns that, if matched, cause the verbose
+logging level to increase by the amount specified in $debug_peer_level.
+.IP "\fBerror_notice_recipient (postmaster)\fR"
+The recipient of postmaster notifications about mail delivery
+problems that are caused by policy, resource, software or protocol
+errors.
+.IP "\fBinternal_mail_filter_classes (empty)\fR"
+What categories of Postfix\-generated mail are subject to
+before\-queue content inspection by non_smtpd_milters, header_checks
+and body_checks.
+.IP "\fBnotify_classes (resource, software)\fR"
+The list of error classes that are reported to the postmaster.
+.SH "MISCELLANEOUS CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBbest_mx_transport (empty)\fR"
+Where the Postfix SMTP client should deliver mail when it detects
+a "mail loops back to myself" error condition.
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdaemon_timeout (18000s)\fR"
+How much time a Postfix daemon process may take to handle a
+request before it is terminated by a built\-in watchdog timer.
+.IP "\fBdelay_logging_resolution_limit (2)\fR"
+The maximal number of digits after the decimal point when logging
+sub\-second delay values.
+.IP "\fBdisable_dns_lookups (no)\fR"
+Disable DNS lookups in the Postfix SMTP and LMTP clients.
+.IP "\fBinet_interfaces (all)\fR"
+The local network interface addresses that this mail system receives
+mail on.
+.IP "\fBinet_protocols (see 'postconf -d output')\fR"
+The Internet protocols Postfix will attempt to use when making
+or accepting connections.
+.IP "\fBipc_timeout (3600s)\fR"
+The time limit for sending or receiving information over an internal
+communication channel.
+.IP "\fBlmtp_assume_final (no)\fR"
+When a remote LMTP server announces no DSN support, assume that
+the
+server performs final delivery, and send "delivered" delivery status
+notifications instead of "relayed".
+.IP "\fBlmtp_tcp_port (24)\fR"
+The default TCP port that the Postfix LMTP client connects to.
+.IP "\fBmax_idle (100s)\fR"
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
+.IP "\fBmax_use (100)\fR"
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBproxy_interfaces (empty)\fR"
+The remote network interface addresses that this mail system receives mail
+on by way of a proxy or network address translation unit.
+.IP "\fBsmtp_address_preference (any)\fR"
+The address type ("ipv6", "ipv4" or "any") that the Postfix
+SMTP client will try first, when a destination has IPv6 and IPv4
+addresses with equal MX preference.
+.IP "\fBsmtp_bind_address (empty)\fR"
+An optional numerical network address that the Postfix SMTP client
+should bind to when making an IPv4 connection.
+.IP "\fBsmtp_bind_address6 (empty)\fR"
+An optional numerical network address that the Postfix SMTP client
+should bind to when making an IPv6 connection.
+.IP "\fBsmtp_helo_name ($myhostname)\fR"
+The hostname to send in the SMTP HELO or EHLO command.
+.IP "\fBlmtp_lhlo_name ($myhostname)\fR"
+The hostname to send in the LMTP LHLO command.
+.IP "\fBsmtp_host_lookup (dns)\fR"
+What mechanisms the Postfix SMTP client uses to look up a host's
+IP address.
+.IP "\fBsmtp_randomize_addresses (yes)\fR"
+Randomize the order of equal\-preference MX host addresses.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available with Postfix 2.2 and earlier:
+.IP "\fBfallback_relay (empty)\fR"
+Optional list of relay hosts for SMTP destinations that can't be
+found or that are unreachable.
+.PP
+Available with Postfix 2.3 and later:
+.IP "\fBsmtp_fallback_relay ($fallback_relay)\fR"
+Optional list of relay destinations that will be used when an
+SMTP destination is not found, or when delivery fails due to a
+non\-permanent error.
+.PP
+Available with Postfix 3.0 and later:
+.IP "\fBsmtp_address_verify_target (rcpt)\fR"
+In the context of email address verification, the SMTP protocol
+stage that determines whether an email address is deliverable.
+.PP
+Available with Postfix 3.1 and later:
+.IP "\fBlmtp_fallback_relay (empty)\fR"
+Optional list of relay hosts for LMTP destinations that can't be
+found or that are unreachable.
+.PP
+Available with Postfix 3.2 and later:
+.IP "\fBsmtp_tcp_port (smtp)\fR"
+The default TCP port that the Postfix SMTP client connects to.
+.PP
+Available in Postfix 3.3 and later:
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.PP
+Available in Postfix 3.7 and later:
+.IP "\fBsmtp_bind_address_enforce (no)\fR"
+Defer delivery when the Postfix SMTP client cannot apply the
+smtp_bind_address or smtp_bind_address6 setting.
+.SH "SEE ALSO"
+.na
+.nf
+generic(5), output address rewriting
+header_checks(5), message header content inspection
+body_checks(5), body parts content inspection
+qmgr(8), queue manager
+bounce(8), delivery status reports
+scache(8), connection cache server
+postconf(5), configuration parameters
+master(5), generic daemon options
+master(8), process manager
+tlsmgr(8), TLS session and PRNG management
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+SASL_README, Postfix SASL howto
+TLS_README, Postfix STARTTLS howto
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
+
+Command pipelining in cooperation with:
+Jon Ribbens
+Oaktree Internet Solutions Ltd.,
+Internet House,
+Canal Basin,
+Coventry,
+CV1 4LY, United Kingdom.
+
+SASL support originally by:
+Till Franke
+SuSE Rhein/Main AG
+65760 Eschborn, Germany
+
+TLS support originally by:
+Lutz Jaenicke
+BTU Cottbus
+Allgemeine Elektrotechnik
+Universitaetsplatz 3\-4
+D\-03044 Cottbus, Germany
+
+Revised TLS and SMTP connection cache support by:
+Victor Duchovni
+Morgan Stanley
diff --git a/man/man8/smtpd.8 b/man/man8/smtpd.8
new file mode 100644
index 0000000..6f72084
--- /dev/null
+++ b/man/man8/smtpd.8
@@ -0,0 +1,1294 @@
+.TH SMTPD 8
+.ad
+.fi
+.SH NAME
+smtpd
+\-
+Postfix SMTP server
+.SH "SYNOPSIS"
+.na
+.nf
+\fBsmtpd\fR [generic Postfix daemon options]
+
+\fBsendmail \-bs\fR
+.SH DESCRIPTION
+.ad
+.fi
+The SMTP server accepts network connection requests
+and performs zero or more SMTP transactions per connection.
+Each received message is piped through the \fBcleanup\fR(8)
+daemon, and is placed into the \fBincoming\fR queue as one
+single queue file. For this mode of operation, the program
+expects to be run from the \fBmaster\fR(8) process manager.
+
+Alternatively, the SMTP server be can run in stand\-alone
+mode; this is traditionally obtained with "\fBsendmail
+\-bs\fR". When the SMTP server runs stand\-alone with non
+$\fBmail_owner\fR privileges, it receives mail even while
+the mail system is not running, deposits messages directly
+into the \fBmaildrop\fR queue, and disables the SMTP server's
+access policies. As of Postfix version 2.3, the SMTP server
+refuses to receive mail from the network when it runs with
+non $\fBmail_owner\fR privileges.
+
+The SMTP server implements a variety of policies for connection
+requests, and for parameters given to \fBHELO, ETRN, MAIL FROM, VRFY\fR
+and \fBRCPT TO\fR commands. They are detailed below and in the
+\fBmain.cf\fR configuration file.
+.SH "SECURITY"
+.na
+.nf
+.ad
+.fi
+The SMTP server is moderately security\-sensitive. It talks to SMTP
+clients and to DNS servers on the network. The SMTP server can be
+run chrooted at fixed low privilege.
+.SH "STANDARDS"
+.na
+.nf
+RFC 821 (SMTP protocol)
+RFC 1123 (Host requirements)
+RFC 1652 (8bit\-MIME transport)
+RFC 1869 (SMTP service extensions)
+RFC 1870 (Message size declaration)
+RFC 1985 (ETRN command)
+RFC 2034 (SMTP enhanced status codes)
+RFC 2554 (AUTH command)
+RFC 2821 (SMTP protocol)
+RFC 2920 (SMTP pipelining)
+RFC 3030 (CHUNKING without BINARYMIME)
+RFC 3207 (STARTTLS command)
+RFC 3461 (SMTP DSN extension)
+RFC 3463 (Enhanced status codes)
+RFC 3848 (ESMTP transmission types)
+RFC 4409 (Message submission)
+RFC 4954 (AUTH command)
+RFC 5321 (SMTP protocol)
+RFC 6531 (Internationalized SMTP)
+RFC 6533 (Internationalized Delivery Status Notifications)
+RFC 7505 ("Null MX" No Service Resource Record)
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
+
+Depending on the setting of the \fBnotify_classes\fR parameter,
+the postmaster is notified of bounces, protocol problems,
+policy violations, and of other trouble.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+Changes to \fBmain.cf\fR are picked up automatically, as \fBsmtpd\fR(8)
+processes run for only a limited amount of time. Use the command
+"\fBpostfix reload\fR" to speed up a change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.SH "COMPATIBILITY CONTROLS"
+.na
+.nf
+.ad
+.fi
+The following parameters work around implementation errors in other
+software, and/or allow you to override standards in order to prevent
+undesirable use.
+.ad
+.fi
+.IP "\fBbroken_sasl_auth_clients (no)\fR"
+Enable interoperability with remote SMTP clients that implement an obsolete
+version of the AUTH command (RFC 4954).
+.IP "\fBdisable_vrfy_command (no)\fR"
+Disable the SMTP VRFY command.
+.IP "\fBsmtpd_noop_commands (empty)\fR"
+List of commands that the Postfix SMTP server replies to with "250
+Ok", without doing any syntax checks and without changing state.
+.IP "\fBstrict_rfc821_envelopes (no)\fR"
+Require that addresses received in SMTP MAIL FROM and RCPT TO
+commands are enclosed with <>, and that those addresses do
+not contain RFC 822 style comments or phrases.
+.PP
+Available in Postfix version 2.1 and later:
+.IP "\fBsmtpd_reject_unlisted_sender (no)\fR"
+Request that the Postfix SMTP server rejects mail from unknown
+sender addresses, even when no explicit reject_unlisted_sender
+access restriction is specified.
+.IP "\fBsmtpd_sasl_exceptions_networks (empty)\fR"
+What remote SMTP clients the Postfix SMTP server will not offer
+AUTH support to.
+.PP
+Available in Postfix version 2.2 and later:
+.IP "\fBsmtpd_discard_ehlo_keyword_address_maps (empty)\fR"
+Lookup tables, indexed by the remote SMTP client address, with
+case insensitive lists of EHLO keywords (pipelining, starttls, auth,
+etc.) that the Postfix SMTP server will not send in the EHLO response
+to a
+remote SMTP client.
+.IP "\fBsmtpd_discard_ehlo_keywords (empty)\fR"
+A case insensitive list of EHLO keywords (pipelining, starttls,
+auth, etc.) that the Postfix SMTP server will not send in the EHLO
+response
+to a remote SMTP client.
+.IP "\fBsmtpd_delay_open_until_valid_rcpt (yes)\fR"
+Postpone the start of an SMTP mail transaction until a valid
+RCPT TO command is received.
+.PP
+Available in Postfix version 2.3 and later:
+.IP "\fBsmtpd_tls_always_issue_session_ids (yes)\fR"
+Force the Postfix SMTP server to issue a TLS session id, even
+when TLS session caching is turned off (smtpd_tls_session_cache_database
+is empty).
+.PP
+Available in Postfix version 2.6 and later:
+.IP "\fBtcp_windowsize (0)\fR"
+An optional workaround for routers that break TCP window scaling.
+.PP
+Available in Postfix version 2.7 and later:
+.IP "\fBsmtpd_command_filter (empty)\fR"
+A mechanism to transform commands from remote SMTP clients.
+.PP
+Available in Postfix version 2.9 \- 3.6:
+.IP "\fBsmtpd_per_record_deadline (normal: no, overload: yes)\fR"
+Change the behavior of the smtpd_timeout and smtpd_starttls_timeout
+time limits, from a
+time limit per read or write system call, to a time limit to send
+or receive a complete record (an SMTP command line, SMTP response
+line, SMTP message content line, or TLS protocol message).
+.PP
+Available in Postfix version 3.0 and later:
+.IP "\fBsmtpd_dns_reply_filter (empty)\fR"
+Optional filter for Postfix SMTP server DNS lookup results.
+.PP
+Available in Postfix 3.5 and later:
+.IP "\fBinfo_log_address_format (external)\fR"
+The email address form that will be used in non\-debug logging
+(info, warning, etc.).
+.PP
+Available in Postfix version 3.6 and later:
+.IP "\fBsmtpd_relay_before_recipient_restrictions (see 'postconf -d' output)\fR"
+Evaluate smtpd_relay_restrictions before smtpd_recipient_restrictions.
+.IP "\fBknown_tcp_ports (lmtp=24, smtp=25, smtps=submissions=465, submission=587)\fR"
+Optional setting that avoids lookups in the \fBservices\fR(5) database.
+.PP
+Available in Postfix version 3.7 and later:
+.IP "\fBsmtpd_per_request_deadline (normal: no, overload: yes)\fR"
+Change the behavior of the smtpd_timeout and smtpd_starttls_timeout
+time limits, from a time limit per plaintext or TLS read or write
+call, to a combined time limit for receiving a complete SMTP request
+and for sending a complete SMTP response.
+.IP "\fBsmtpd_min_data_rate (500)\fR"
+The minimum plaintext data transfer rate in bytes/second for
+DATA and BDAT requests, when deadlines are enabled with
+smtpd_per_request_deadline.
+.SH "ADDRESS REWRITING CONTROLS"
+.na
+.nf
+.ad
+.fi
+See the ADDRESS_REWRITING_README document for a detailed
+discussion of Postfix address rewriting.
+.IP "\fBreceive_override_options (empty)\fR"
+Enable or disable recipient validation, built\-in content
+filtering, or address mapping.
+.PP
+Available in Postfix version 2.2 and later:
+.IP "\fBlocal_header_rewrite_clients (permit_inet_interfaces)\fR"
+Rewrite or add message headers in mail from these clients,
+updating incomplete addresses with the domain name in $myorigin or
+$mydomain, and adding missing headers.
+.SH "BEFORE-SMTPD PROXY AGENT"
+.na
+.nf
+.ad
+.fi
+Available in Postfix version 2.10 and later:
+.IP "\fBsmtpd_upstream_proxy_protocol (empty)\fR"
+The name of the proxy protocol used by an optional before\-smtpd
+proxy agent.
+.IP "\fBsmtpd_upstream_proxy_timeout (5s)\fR"
+The time limit for the proxy protocol specified with the
+smtpd_upstream_proxy_protocol parameter.
+.SH "AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS"
+.na
+.nf
+.ad
+.fi
+As of version 1.0, Postfix can be configured to send new mail to
+an external content filter AFTER the mail is queued. This content
+filter is expected to inject mail back into a (Postfix or other)
+MTA for further delivery. See the FILTER_README document for details.
+.IP "\fBcontent_filter (empty)\fR"
+After the message is queued, send the entire message to the
+specified \fItransport:destination\fR.
+.SH "BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS"
+.na
+.nf
+.ad
+.fi
+As of version 2.1, the Postfix SMTP server can be configured
+to send incoming mail to a real\-time SMTP\-based content filter
+BEFORE mail is queued. This content filter is expected to inject
+mail back into Postfix. See the SMTPD_PROXY_README document for
+details on how to configure and operate this feature.
+.IP "\fBsmtpd_proxy_filter (empty)\fR"
+The hostname and TCP port of the mail filtering proxy server.
+.IP "\fBsmtpd_proxy_ehlo ($myhostname)\fR"
+How the Postfix SMTP server announces itself to the proxy filter.
+.IP "\fBsmtpd_proxy_options (empty)\fR"
+List of options that control how the Postfix SMTP server
+communicates with a before\-queue content filter.
+.IP "\fBsmtpd_proxy_timeout (100s)\fR"
+The time limit for connecting to a proxy filter and for sending or
+receiving information.
+.SH "BEFORE QUEUE MILTER CONTROLS"
+.na
+.nf
+.ad
+.fi
+As of version 2.3, Postfix supports the Sendmail version 8
+Milter (mail filter) protocol. These content filters run
+outside Postfix. They can inspect the SMTP command stream
+and the message content, and can request modifications before
+mail is queued. For details see the MILTER_README document.
+.IP "\fBsmtpd_milters (empty)\fR"
+A list of Milter (mail filter) applications for new mail that
+arrives via the Postfix \fBsmtpd\fR(8) server.
+.IP "\fBmilter_protocol (6)\fR"
+The mail filter protocol version and optional protocol extensions
+for communication with a Milter application; prior to Postfix 2.6
+the default protocol is 2.
+.IP "\fBmilter_default_action (tempfail)\fR"
+The default action when a Milter (mail filter) response is
+unavailable (for example, bad Postfix configuration or Milter
+failure).
+.IP "\fBmilter_macro_daemon_name ($myhostname)\fR"
+The {daemon_name} macro value for Milter (mail filter) applications.
+.IP "\fBmilter_macro_v ($mail_name $mail_version)\fR"
+The {v} macro value for Milter (mail filter) applications.
+.IP "\fBmilter_connect_timeout (30s)\fR"
+The time limit for connecting to a Milter (mail filter)
+application, and for negotiating protocol options.
+.IP "\fBmilter_command_timeout (30s)\fR"
+The time limit for sending an SMTP command to a Milter (mail
+filter) application, and for receiving the response.
+.IP "\fBmilter_content_timeout (300s)\fR"
+The time limit for sending message content to a Milter (mail
+filter) application, and for receiving the response.
+.IP "\fBmilter_connect_macros (see 'postconf -d' output)\fR"
+The macros that are sent to Milter (mail filter) applications
+after completion of an SMTP connection.
+.IP "\fBmilter_helo_macros (see 'postconf -d' output)\fR"
+The macros that are sent to Milter (mail filter) applications
+after the SMTP HELO or EHLO command.
+.IP "\fBmilter_mail_macros (see 'postconf -d' output)\fR"
+The macros that are sent to Milter (mail filter) applications
+after the SMTP MAIL FROM command.
+.IP "\fBmilter_rcpt_macros (see 'postconf -d' output)\fR"
+The macros that are sent to Milter (mail filter) applications
+after the SMTP RCPT TO command.
+.IP "\fBmilter_data_macros (see 'postconf -d' output)\fR"
+The macros that are sent to version 4 or higher Milter (mail
+filter) applications after the SMTP DATA command.
+.IP "\fBmilter_unknown_command_macros (see 'postconf -d' output)\fR"
+The macros that are sent to version 3 or higher Milter (mail
+filter) applications after an unknown SMTP command.
+.IP "\fBmilter_end_of_header_macros (see 'postconf -d' output)\fR"
+The macros that are sent to Milter (mail filter) applications
+after the end of the message header.
+.IP "\fBmilter_end_of_data_macros (see 'postconf -d' output)\fR"
+The macros that are sent to Milter (mail filter) applications
+after the message end\-of\-data.
+.PP
+Available in Postfix version 3.1 and later:
+.IP "\fBmilter_macro_defaults (empty)\fR"
+Optional list of \fIname=value\fR pairs that specify default
+values for arbitrary macros that Postfix may send to Milter
+applications.
+.PP
+Available in Postfix version 3.2 and later:
+.IP "\fBsmtpd_milter_maps (empty)\fR"
+Lookup tables with Milter settings per remote SMTP client IP
+address.
+.SH "GENERAL CONTENT INSPECTION CONTROLS"
+.na
+.nf
+.ad
+.fi
+The following parameters are applicable for both built\-in
+and external content filters.
+.PP
+Available in Postfix version 2.1 and later:
+.IP "\fBreceive_override_options (empty)\fR"
+Enable or disable recipient validation, built\-in content
+filtering, or address mapping.
+.SH "EXTERNAL CONTENT INSPECTION CONTROLS"
+.na
+.nf
+.ad
+.fi
+The following parameters are applicable for both before\-queue
+and after\-queue content filtering.
+.PP
+Available in Postfix version 2.1 and later:
+.IP "\fBsmtpd_authorized_xforward_hosts (empty)\fR"
+What remote SMTP clients are allowed to use the XFORWARD feature.
+.SH "SASL AUTHENTICATION CONTROLS"
+.na
+.nf
+.ad
+.fi
+Postfix SASL support (RFC 4954) can be used to authenticate remote
+SMTP clients to the Postfix SMTP server, and to authenticate the
+Postfix SMTP client to a remote SMTP server.
+See the SASL_README document for details.
+.IP "\fBbroken_sasl_auth_clients (no)\fR"
+Enable interoperability with remote SMTP clients that implement an obsolete
+version of the AUTH command (RFC 4954).
+.IP "\fBsmtpd_sasl_auth_enable (no)\fR"
+Enable SASL authentication in the Postfix SMTP server.
+.IP "\fBsmtpd_sasl_local_domain (empty)\fR"
+The name of the Postfix SMTP server's local SASL authentication
+realm.
+.IP "\fBsmtpd_sasl_security_options (noanonymous)\fR"
+Postfix SMTP server SASL security options; as of Postfix 2.3
+the list of available
+features depends on the SASL server implementation that is selected
+with \fBsmtpd_sasl_type\fR.
+.IP "\fBsmtpd_sender_login_maps (empty)\fR"
+Optional lookup table with the SASL login names that own the sender
+(MAIL FROM) addresses.
+.PP
+Available in Postfix version 2.1 and later:
+.IP "\fBsmtpd_sasl_exceptions_networks (empty)\fR"
+What remote SMTP clients the Postfix SMTP server will not offer
+AUTH support to.
+.PP
+Available in Postfix version 2.1 and 2.2:
+.IP "\fBsmtpd_sasl_application_name (smtpd)\fR"
+The application name that the Postfix SMTP server uses for SASL
+server initialization.
+.PP
+Available in Postfix version 2.3 and later:
+.IP "\fBsmtpd_sasl_authenticated_header (no)\fR"
+Report the SASL authenticated user name in the \fBsmtpd\fR(8) Received
+message header.
+.IP "\fBsmtpd_sasl_path (smtpd)\fR"
+Implementation\-specific information that the Postfix SMTP server
+passes through to
+the SASL plug\-in implementation that is selected with
+\fBsmtpd_sasl_type\fR.
+.IP "\fBsmtpd_sasl_type (cyrus)\fR"
+The SASL plug\-in type that the Postfix SMTP server should use
+for authentication.
+.PP
+Available in Postfix version 2.5 and later:
+.IP "\fBcyrus_sasl_config_path (empty)\fR"
+Search path for Cyrus SASL application configuration files,
+currently used only to locate the $smtpd_sasl_path.conf file.
+.PP
+Available in Postfix version 2.11 and later:
+.IP "\fBsmtpd_sasl_service (smtp)\fR"
+The service name that is passed to the SASL plug\-in that is
+selected with \fBsmtpd_sasl_type\fR and \fBsmtpd_sasl_path\fR.
+.PP
+Available in Postfix version 3.4 and later:
+.IP "\fBsmtpd_sasl_response_limit (12288)\fR"
+The maximum length of a SASL client's response to a server challenge.
+.PP
+Available in Postfix 3.6 and later:
+.IP "\fBsmtpd_sasl_mechanism_filter (!external, static:rest)\fR"
+If non\-empty, a filter for the SASL mechanism names that the
+Postfix SMTP server will announce in the EHLO response.
+.SH "STARTTLS SUPPORT CONTROLS"
+.na
+.nf
+.ad
+.fi
+Detailed information about STARTTLS configuration may be
+found in the TLS_README document.
+.IP "\fBsmtpd_tls_security_level (empty)\fR"
+The SMTP TLS security level for the Postfix SMTP server; when
+a non\-empty value is specified, this overrides the obsolete parameters
+smtpd_use_tls and smtpd_enforce_tls.
+.IP "\fBsmtpd_sasl_tls_security_options ($smtpd_sasl_security_options)\fR"
+The SASL authentication security options that the Postfix SMTP
+server uses for TLS encrypted SMTP sessions.
+.IP "\fBsmtpd_starttls_timeout (see 'postconf -d' output)\fR"
+The time limit for Postfix SMTP server write and read operations
+during TLS startup and shutdown handshake procedures.
+.IP "\fBsmtpd_tls_CAfile (empty)\fR"
+A file containing (PEM format) CA certificates of root CAs trusted
+to sign either remote SMTP client certificates or intermediate CA
+certificates.
+.IP "\fBsmtpd_tls_CApath (empty)\fR"
+A directory containing (PEM format) CA certificates of root CAs
+trusted to sign either remote SMTP client certificates or intermediate CA
+certificates.
+.IP "\fBsmtpd_tls_always_issue_session_ids (yes)\fR"
+Force the Postfix SMTP server to issue a TLS session id, even
+when TLS session caching is turned off (smtpd_tls_session_cache_database
+is empty).
+.IP "\fBsmtpd_tls_ask_ccert (no)\fR"
+Ask a remote SMTP client for a client certificate.
+.IP "\fBsmtpd_tls_auth_only (no)\fR"
+When TLS encryption is optional in the Postfix SMTP server, do
+not announce or accept SASL authentication over unencrypted
+connections.
+.IP "\fBsmtpd_tls_ccert_verifydepth (9)\fR"
+The verification depth for remote SMTP client certificates.
+.IP "\fBsmtpd_tls_cert_file (empty)\fR"
+File with the Postfix SMTP server RSA certificate in PEM format.
+.IP "\fBsmtpd_tls_exclude_ciphers (empty)\fR"
+List of ciphers or cipher types to exclude from the SMTP server
+cipher list at all TLS security levels.
+.IP "\fBsmtpd_tls_dcert_file (empty)\fR"
+File with the Postfix SMTP server DSA certificate in PEM format.
+.IP "\fBsmtpd_tls_dh1024_param_file (empty)\fR"
+File with DH parameters that the Postfix SMTP server should
+use with non\-export EDH ciphers.
+.IP "\fBsmtpd_tls_dh512_param_file (empty)\fR"
+File with DH parameters that the Postfix SMTP server should
+use with export\-grade EDH ciphers.
+.IP "\fBsmtpd_tls_dkey_file ($smtpd_tls_dcert_file)\fR"
+File with the Postfix SMTP server DSA private key in PEM format.
+.IP "\fBsmtpd_tls_key_file ($smtpd_tls_cert_file)\fR"
+File with the Postfix SMTP server RSA private key in PEM format.
+.IP "\fBsmtpd_tls_loglevel (0)\fR"
+Enable additional Postfix SMTP server logging of TLS activity.
+.IP "\fBsmtpd_tls_mandatory_ciphers (medium)\fR"
+The minimum TLS cipher grade that the Postfix SMTP server will
+use with mandatory TLS encryption.
+.IP "\fBsmtpd_tls_mandatory_exclude_ciphers (empty)\fR"
+Additional list of ciphers or cipher types to exclude from the
+Postfix SMTP server cipher list at mandatory TLS security levels.
+.IP "\fBsmtpd_tls_mandatory_protocols (see 'postconf -d' output)\fR"
+TLS protocols accepted by the Postfix SMTP server with mandatory TLS
+encryption.
+.IP "\fBsmtpd_tls_received_header (no)\fR"
+Request that the Postfix SMTP server produces Received: message
+headers that include information about the protocol and cipher used,
+as well as the remote SMTP client CommonName and client certificate issuer
+CommonName.
+.IP "\fBsmtpd_tls_req_ccert (no)\fR"
+With mandatory TLS encryption, require a trusted remote SMTP client
+certificate in order to allow TLS connections to proceed.
+.IP "\fBsmtpd_tls_wrappermode (no)\fR"
+Run the Postfix SMTP server in TLS "wrapper" mode,
+instead of using the STARTTLS command.
+.IP "\fBtls_daemon_random_bytes (32)\fR"
+The number of pseudo\-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8)
+process requests from the \fBtlsmgr\fR(8) server in order to seed its
+internal pseudo random number generator (PRNG).
+.IP "\fBtls_high_cipherlist (see 'postconf -d' output)\fR"
+The OpenSSL cipherlist for "high" grade ciphers.
+.IP "\fBtls_medium_cipherlist (see 'postconf -d' output)\fR"
+The OpenSSL cipherlist for "medium" or higher grade ciphers.
+.IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR"
+The OpenSSL cipherlist for "NULL" grade ciphers that provide
+authentication without encryption.
+.PP
+Available in Postfix version 2.3..3.7:
+.IP "\fBtls_low_cipherlist (see 'postconf -d' output)\fR"
+The OpenSSL cipherlist for "low" or higher grade ciphers.
+.IP "\fBtls_export_cipherlist (see 'postconf -d' output)\fR"
+The OpenSSL cipherlist for "export" or higher grade ciphers.
+.PP
+Available in Postfix version 2.5 and later:
+.IP "\fBsmtpd_tls_fingerprint_digest (see 'postconf -d' output)\fR"
+The message digest algorithm to construct remote SMTP client\-certificate
+fingerprints or public key fingerprints (Postfix 2.9 and later) for
+\fBcheck_ccert_access\fR and \fBpermit_tls_clientcerts\fR.
+.PP
+Available in Postfix version 2.6 and later:
+.IP "\fBsmtpd_tls_protocols (see postconf -d output)\fR"
+TLS protocols accepted by the Postfix SMTP server with opportunistic
+TLS encryption.
+.IP "\fBsmtpd_tls_ciphers (medium)\fR"
+The minimum TLS cipher grade that the Postfix SMTP server
+will use with opportunistic TLS encryption.
+.IP "\fBsmtpd_tls_eccert_file (empty)\fR"
+File with the Postfix SMTP server ECDSA certificate in PEM format.
+.IP "\fBsmtpd_tls_eckey_file ($smtpd_tls_eccert_file)\fR"
+File with the Postfix SMTP server ECDSA private key in PEM format.
+.IP "\fBsmtpd_tls_eecdh_grade (see 'postconf -d' output)\fR"
+The Postfix SMTP server security grade for ephemeral elliptic\-curve
+Diffie\-Hellman (EECDH) key exchange.
+.IP "\fBtls_eecdh_strong_curve (prime256v1)\fR"
+The elliptic curve used by the Postfix SMTP server for sensibly
+strong
+ephemeral ECDH key exchange.
+.IP "\fBtls_eecdh_ultra_curve (secp384r1)\fR"
+The elliptic curve used by the Postfix SMTP server for maximally
+strong
+ephemeral ECDH key exchange.
+.PP
+Available in Postfix version 2.8 and later:
+.IP "\fBtls_preempt_cipherlist (no)\fR"
+With SSLv3 and later, use the Postfix SMTP server's cipher
+preference order instead of the remote client's cipher preference
+order.
+.IP "\fBtls_disable_workarounds (see 'postconf -d' output)\fR"
+List or bit\-mask of OpenSSL bug work\-arounds to disable.
+.PP
+Available in Postfix version 2.11 and later:
+.IP "\fBtlsmgr_service_name (tlsmgr)\fR"
+The name of the \fBtlsmgr\fR(8) service entry in master.cf.
+.PP
+Available in Postfix version 3.0 and later:
+.IP "\fBtls_session_ticket_cipher (Postfix >= 3.0: aes\-256\-cbc, Postfix < 3.0: aes\-128\-cbc)\fR"
+Algorithm used to encrypt RFC5077 TLS session tickets.
+.PP
+Available in Postfix version 3.2 and later:
+.IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR"
+The prioritized list of elliptic curves supported by the Postfix
+SMTP client and server.
+.PP
+Available in Postfix version 3.4 and later:
+.IP "\fBsmtpd_tls_chain_files (empty)\fR"
+List of one or more PEM files, each holding one or more private keys
+directly followed by a corresponding certificate chain.
+.IP "\fBtls_server_sni_maps (empty)\fR"
+Optional lookup tables that map names received from remote SMTP
+clients via the TLS Server Name Indication (SNI) extension to the
+appropriate keys and certificate chains.
+.PP
+Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
+.IP "\fBtls_fast_shutdown_enable (yes)\fR"
+A workaround for implementations that hang Postfix while shutting
+down a TLS session, until Postfix times out.
+.PP
+Available in Postfix version 3.8 and later:
+.IP "\fBtls_ffdhe_auto_groups (see 'postconf -d' output)\fR"
+The prioritized list of finite\-field Diffie\-Hellman ephemeral
+(FFDHE) key exchange groups supported by the Postfix SMTP client and
+server.
+.PP
+Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later:
+.IP "\fBtls_config_file (default)\fR"
+Optional configuration file with baseline OpenSSL settings.
+.IP "\fBtls_config_name (empty)\fR"
+The application name passed by Postfix to OpenSSL library
+initialization functions.
+.SH "OBSOLETE STARTTLS CONTROLS"
+.na
+.nf
+.ad
+.fi
+The following configuration parameters exist for compatibility
+with Postfix versions before 2.3. Support for these will
+be removed in a future release.
+.IP "\fBsmtpd_use_tls (no)\fR"
+Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
+but do not require that clients use TLS encryption.
+.IP "\fBsmtpd_enforce_tls (no)\fR"
+Mandatory TLS: announce STARTTLS support to remote SMTP clients,
+and require that clients use TLS encryption.
+.IP "\fBsmtpd_tls_cipherlist (empty)\fR"
+Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS
+cipher list.
+.SH "SMTPUTF8 CONTROLS"
+.na
+.nf
+.ad
+.fi
+Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
+.IP "\fBsmtputf8_enable (yes)\fR"
+Enable preliminary SMTPUTF8 support for the protocols described
+in RFC 6531, RFC 6532, and RFC 6533.
+.IP "\fBstrict_smtputf8 (no)\fR"
+Enable stricter enforcement of the SMTPUTF8 protocol.
+.IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR"
+Detect that a message requires SMTPUTF8 support for the specified
+mail origin classes.
+.PP
+Available in Postfix version 3.2 and later:
+.IP "\fBenable_idna2003_compatibility (no)\fR"
+Enable 'transitional' compatibility between IDNA2003 and IDNA2008,
+when converting UTF\-8 domain names to/from the ASCII form that is
+used for DNS lookups.
+.SH "VERP SUPPORT CONTROLS"
+.na
+.nf
+.ad
+.fi
+With VERP style delivery, each recipient of a message receives a
+customized copy of the message with his/her own recipient address
+encoded in the envelope sender address. The VERP_README file
+describes configuration and operation details of Postfix support
+for variable envelope return path addresses. VERP style delivery
+is requested with the SMTP XVERP command or with the "sendmail
+\-V" command\-line option and is available in Postfix version 1.1
+and later.
+.IP "\fBdefault_verp_delimiters (+=)\fR"
+The two default VERP delimiter characters.
+.IP "\fBverp_delimiter_filter (\-=+)\fR"
+The characters Postfix accepts as VERP delimiter characters on the
+Postfix \fBsendmail\fR(1) command line and in SMTP commands.
+.PP
+Available in Postfix version 1.1 and 2.0:
+.IP "\fBauthorized_verp_clients ($mynetworks)\fR"
+What remote SMTP clients are allowed to specify the XVERP command.
+.PP
+Available in Postfix version 2.1 and later:
+.IP "\fBsmtpd_authorized_verp_clients ($authorized_verp_clients)\fR"
+What remote SMTP clients are allowed to specify the XVERP command.
+.SH "TROUBLE SHOOTING CONTROLS"
+.na
+.nf
+.ad
+.fi
+The DEBUG_README document describes how to debug parts of the
+Postfix mail system. The methods vary from making the software log
+a lot of detail, to running some daemon processes under control of
+a call tracer or debugger.
+.IP "\fBdebug_peer_level (2)\fR"
+The increment in verbose logging level when a nexthop destination,
+remote client or server name or network address matches a pattern
+given with the debug_peer_list parameter.
+.IP "\fBdebug_peer_list (empty)\fR"
+Optional list of nexthop destination, remote client or server
+name or network address patterns that, if matched, cause the verbose
+logging level to increase by the amount specified in $debug_peer_level.
+.IP "\fBerror_notice_recipient (postmaster)\fR"
+The recipient of postmaster notifications about mail delivery
+problems that are caused by policy, resource, software or protocol
+errors.
+.IP "\fBinternal_mail_filter_classes (empty)\fR"
+What categories of Postfix\-generated mail are subject to
+before\-queue content inspection by non_smtpd_milters, header_checks
+and body_checks.
+.IP "\fBnotify_classes (resource, software)\fR"
+The list of error classes that are reported to the postmaster.
+.IP "\fBsmtpd_reject_footer (empty)\fR"
+Optional information that is appended after each Postfix SMTP
+server
+4XX or 5XX response.
+.IP "\fBsoft_bounce (no)\fR"
+Safety net to keep mail queued that would otherwise be returned to
+the sender.
+.PP
+Available in Postfix version 2.1 and later:
+.IP "\fBsmtpd_authorized_xclient_hosts (empty)\fR"
+What remote SMTP clients are allowed to use the XCLIENT feature.
+.PP
+Available in Postfix version 2.10 and later:
+.IP "\fBsmtpd_log_access_permit_actions (empty)\fR"
+Enable logging of the named "permit" actions in SMTP server
+access lists (by default, the SMTP server logs "reject" actions but
+not "permit" actions).
+.SH "KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS"
+.na
+.nf
+.ad
+.fi
+As of Postfix version 2.0, the SMTP server rejects mail for
+unknown recipients. This prevents the mail queue from clogging up
+with undeliverable MAILER\-DAEMON messages. Additional information
+on this topic is in the LOCAL_RECIPIENT_README and ADDRESS_CLASS_README
+documents.
+.IP "\fBshow_user_unknown_table_name (yes)\fR"
+Display the name of the recipient table in the "User unknown"
+responses.
+.IP "\fBcanonical_maps (empty)\fR"
+Optional address mapping lookup tables for message headers and
+envelopes.
+.IP "\fBrecipient_canonical_maps (empty)\fR"
+Optional address mapping lookup tables for envelope and header
+recipient addresses.
+.IP "\fBsender_canonical_maps (empty)\fR"
+Optional address mapping lookup tables for envelope and header
+sender addresses.
+.PP
+Parameters concerning known/unknown local recipients:
+.IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR"
+The list of domains that are delivered via the $local_transport
+mail delivery transport.
+.IP "\fBinet_interfaces (all)\fR"
+The local network interface addresses that this mail system receives
+mail on.
+.IP "\fBproxy_interfaces (empty)\fR"
+The remote network interface addresses that this mail system receives mail
+on by way of a proxy or network address translation unit.
+.IP "\fBinet_protocols (see 'postconf -d output')\fR"
+The Internet protocols Postfix will attempt to use when making
+or accepting connections.
+.IP "\fBlocal_recipient_maps (proxy:unix:passwd.byname $alias_maps)\fR"
+Lookup tables with all names or addresses of local recipients:
+a recipient address is local when its domain matches $mydestination,
+$inet_interfaces or $proxy_interfaces.
+.IP "\fBunknown_local_recipient_reject_code (550)\fR"
+The numerical Postfix SMTP server response code when a recipient
+address is local, and $local_recipient_maps specifies a list of
+lookup tables that does not match the recipient.
+.PP
+Parameters concerning known/unknown recipients of relay destinations:
+.IP "\fBrelay_domains (Postfix >= 3.0: empty, Postfix < 3.0: $mydestination)\fR"
+What destination domains (and subdomains thereof) this system
+will relay mail to.
+.IP "\fBrelay_recipient_maps (empty)\fR"
+Optional lookup tables with all valid addresses in the domains
+that match $relay_domains.
+.IP "\fBunknown_relay_recipient_reject_code (550)\fR"
+The numerical Postfix SMTP server reply code when a recipient
+address matches $relay_domains, and relay_recipient_maps specifies
+a list of lookup tables that does not match the recipient address.
+.PP
+Parameters concerning known/unknown recipients in virtual alias
+domains:
+.IP "\fBvirtual_alias_domains ($virtual_alias_maps)\fR"
+Postfix is the final destination for the specified list of virtual
+alias domains, that is, domains for which all addresses are aliased
+to addresses in other local or remote domains.
+.IP "\fBvirtual_alias_maps ($virtual_maps)\fR"
+Optional lookup tables that alias specific mail addresses or domains
+to other local or remote addresses.
+.IP "\fBunknown_virtual_alias_reject_code (550)\fR"
+The Postfix SMTP server reply code when a recipient address matches
+$virtual_alias_domains, and $virtual_alias_maps specifies a list
+of lookup tables that does not match the recipient address.
+.PP
+Parameters concerning known/unknown recipients in virtual mailbox
+domains:
+.IP "\fBvirtual_mailbox_domains ($virtual_mailbox_maps)\fR"
+Postfix is the final destination for the specified list of domains;
+mail is delivered via the $virtual_transport mail delivery transport.
+.IP "\fBvirtual_mailbox_maps (empty)\fR"
+Optional lookup tables with all valid addresses in the domains that
+match $virtual_mailbox_domains.
+.IP "\fBunknown_virtual_mailbox_reject_code (550)\fR"
+The Postfix SMTP server reply code when a recipient address matches
+$virtual_mailbox_domains, and $virtual_mailbox_maps specifies a list
+of lookup tables that does not match the recipient address.
+.SH "RESOURCE AND RATE CONTROLS"
+.na
+.nf
+.ad
+.fi
+The following parameters limit resource usage by the SMTP
+server and/or control client request rates.
+.IP "\fBline_length_limit (2048)\fR"
+Upon input, long lines are chopped up into pieces of at most
+this length; upon delivery, long lines are reconstructed.
+.IP "\fBqueue_minfree (0)\fR"
+The minimal amount of free space in bytes in the queue file system
+that is needed to receive mail.
+.IP "\fBmessage_size_limit (10240000)\fR"
+The maximal size in bytes of a message, including envelope information.
+.IP "\fBsmtpd_recipient_limit (1000)\fR"
+The maximal number of recipients that the Postfix SMTP server
+accepts per message delivery request.
+.IP "\fBsmtpd_timeout (normal: 300s, overload: 10s)\fR"
+When the Postfix SMTP server wants to send an SMTP server
+response, how long the Postfix SMTP server will wait for an underlying
+network write operation to complete; and when the Postfix SMTP
+server Postfix wants to receive an SMTP client request, how long
+the Postfix SMTP server will wait for an underlying network read
+operation to complete.
+.IP "\fBsmtpd_history_flush_threshold (100)\fR"
+The maximal number of lines in the Postfix SMTP server command history
+before it is flushed upon receipt of EHLO, RSET, or end of DATA.
+.PP
+Available in Postfix version 2.3 and later:
+.IP "\fBsmtpd_peername_lookup (yes)\fR"
+Attempt to look up the remote SMTP client hostname, and verify that
+the name matches the client IP address.
+.PP
+The per SMTP client connection count and request rate limits are
+implemented in co\-operation with the \fBanvil\fR(8) service, and
+are available in Postfix version 2.2 and later.
+.IP "\fBsmtpd_client_connection_count_limit (50)\fR"
+How many simultaneous connections any client is allowed to
+make to this service.
+.IP "\fBsmtpd_client_connection_rate_limit (0)\fR"
+The maximal number of connection attempts any client is allowed to
+make to this service per time unit.
+.IP "\fBsmtpd_client_message_rate_limit (0)\fR"
+The maximal number of message delivery requests that any client is
+allowed to make to this service per time unit, regardless of whether
+or not Postfix actually accepts those messages.
+.IP "\fBsmtpd_client_recipient_rate_limit (0)\fR"
+The maximal number of recipient addresses that any client is allowed
+to send to this service per time unit, regardless of whether or not
+Postfix actually accepts those recipients.
+.IP "\fBsmtpd_client_event_limit_exceptions ($mynetworks)\fR"
+Clients that are excluded from smtpd_client_*_count/rate_limit
+restrictions.
+.PP
+Available in Postfix version 2.3 and later:
+.IP "\fBsmtpd_client_new_tls_session_rate_limit (0)\fR"
+The maximal number of new (i.e., uncached) TLS sessions that a
+remote SMTP client is allowed to negotiate with this service per
+time unit.
+.PP
+Available in Postfix version 2.9 \- 3.6:
+.IP "\fBsmtpd_per_record_deadline (normal: no, overload: yes)\fR"
+Change the behavior of the smtpd_timeout and smtpd_starttls_timeout
+time limits, from a
+time limit per read or write system call, to a time limit to send
+or receive a complete record (an SMTP command line, SMTP response
+line, SMTP message content line, or TLS protocol message).
+.PP
+Available in Postfix version 3.1 and later:
+.IP "\fBsmtpd_client_auth_rate_limit (0)\fR"
+The maximal number of AUTH commands that any client is allowed to
+send to this service per time unit, regardless of whether or not
+Postfix actually accepts those commands.
+.PP
+Available in Postfix version 3.7 and later:
+.IP "\fBsmtpd_per_request_deadline (normal: no, overload: yes)\fR"
+Change the behavior of the smtpd_timeout and smtpd_starttls_timeout
+time limits, from a time limit per plaintext or TLS read or write
+call, to a combined time limit for receiving a complete SMTP request
+and for sending a complete SMTP response.
+.IP "\fBsmtpd_min_data_rate (500)\fR"
+The minimum plaintext data transfer rate in bytes/second for
+DATA and BDAT requests, when deadlines are enabled with
+smtpd_per_request_deadline.
+.IP "\fBheader_from_format (standard)\fR"
+The format of the Postfix\-generated \fBFrom:\fR header.
+.PP
+Available in Postfix version 3.8 and later:
+.IP "\fBsmtpd_client_ipv4_prefix_length (32)\fR"
+Aggregate smtpd_client_*_count and smtpd_client_*_rate statistics
+by IPv4 network blocks with the specified network prefix.
+.IP "\fBsmtpd_client_ipv6_prefix_length (84)\fR"
+Aggregate smtpd_client_*_count and smtpd_client_*_rate statistics
+by IPv6 network blocks with the specified network prefix.
+.PP
+Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later:
+.IP "\fBsmtpd_forbid_unauth_pipelining (Postfix >= 3.9: yes)\fR"
+Disconnect remote SMTP clients that violate RFC 2920 (or 5321)
+command pipelining constraints.
+.PP
+Available in Postfix 3.9, 3.8.4, 3.7.9, 3.6.13, 3.5.23 and later:
+.IP "\fBsmtpd_forbid_bare_newline (Postfix < 3.9: no)\fR"
+Reject or restrict input lines from an SMTP client that end in
+<LF> instead of the standard <CR><LF>.
+.IP "\fBsmtpd_forbid_bare_newline_exclusions ($mynetworks)\fR"
+Exclude the specified clients from smtpd_forbid_bare_newline
+enforcement.
+.PP
+Available in Postfix 3.9, 3.8.5, 3.7.10, 3.6.14, 3.5.24 and
+later:
+.IP "\fBsmtpd_forbid_bare_newline_reject_code (550)\fR"
+The numerical Postfix SMTP server response code when rejecting a
+request with "smtpd_forbid_bare_newline = reject".
+.SH "TARPIT CONTROLS"
+.na
+.nf
+.ad
+.fi
+When a remote SMTP client makes errors, the Postfix SMTP server
+can insert delays before responding. This can help to slow down
+run\-away software. The behavior is controlled by an error counter
+that counts the number of errors within an SMTP session that a
+client makes without delivering mail.
+.IP "\fBsmtpd_error_sleep_time (1s)\fR"
+With Postfix version 2.1 and later: the SMTP server response delay after
+a client has made more than $smtpd_soft_error_limit errors, and
+fewer than $smtpd_hard_error_limit errors, without delivering mail.
+.IP "\fBsmtpd_soft_error_limit (10)\fR"
+The number of errors a remote SMTP client is allowed to make without
+delivering mail before the Postfix SMTP server slows down all its
+responses.
+.IP "\fBsmtpd_hard_error_limit (normal: 20, overload: 1)\fR"
+The maximal number of errors a remote SMTP client is allowed to
+make without delivering mail.
+.IP "\fBsmtpd_junk_command_limit (normal: 100, overload: 1)\fR"
+The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote
+SMTP client can send before the Postfix SMTP server starts to
+increment the error counter with each junk command.
+.PP
+Available in Postfix version 2.1 and later:
+.IP "\fBsmtpd_recipient_overshoot_limit (1000)\fR"
+The number of recipients that a remote SMTP client can send in
+excess of the limit specified with $smtpd_recipient_limit, before
+the Postfix SMTP server increments the per\-session error count
+for each excess recipient.
+.SH "ACCESS POLICY DELEGATION CONTROLS"
+.na
+.nf
+.ad
+.fi
+As of version 2.1, Postfix can be configured to delegate access
+policy decisions to an external server that runs outside Postfix.
+See the file SMTPD_POLICY_README for more information.
+.IP "\fBsmtpd_policy_service_max_idle (300s)\fR"
+The time after which an idle SMTPD policy service connection is
+closed.
+.IP "\fBsmtpd_policy_service_max_ttl (1000s)\fR"
+The time after which an active SMTPD policy service connection is
+closed.
+.IP "\fBsmtpd_policy_service_timeout (100s)\fR"
+The time limit for connecting to, writing to, or receiving from a
+delegated SMTPD policy server.
+.PP
+Available in Postfix version 3.0 and later:
+.IP "\fBsmtpd_policy_service_default_action (451 4.3.5 Server configuration problem)\fR"
+The default action when an SMTPD policy service request fails.
+.IP "\fBsmtpd_policy_service_request_limit (0)\fR"
+The maximal number of requests per SMTPD policy service connection,
+or zero (no limit).
+.IP "\fBsmtpd_policy_service_try_limit (2)\fR"
+The maximal number of attempts to send an SMTPD policy service
+request before giving up.
+.IP "\fBsmtpd_policy_service_retry_delay (1s)\fR"
+The delay between attempts to resend a failed SMTPD policy
+service request.
+.PP
+Available in Postfix version 3.1 and later:
+.IP "\fBsmtpd_policy_service_policy_context (empty)\fR"
+Optional information that the Postfix SMTP server specifies in
+the "policy_context" attribute of a policy service request (originally,
+to share the same service endpoint among multiple check_policy_service
+clients).
+.SH "ACCESS CONTROLS"
+.na
+.nf
+.ad
+.fi
+The SMTPD_ACCESS_README document gives an introduction to all the
+SMTP server access control features.
+.IP "\fBsmtpd_delay_reject (yes)\fR"
+Wait until the RCPT TO command before evaluating
+$smtpd_client_restrictions, $smtpd_helo_restrictions and
+$smtpd_sender_restrictions, or wait until the ETRN command before
+evaluating $smtpd_client_restrictions and $smtpd_helo_restrictions.
+.IP "\fBparent_domain_matches_subdomains (see 'postconf -d' output)\fR"
+A list of Postfix features where the pattern "example.com" also
+matches subdomains of example.com,
+instead of requiring an explicit ".example.com" pattern.
+.IP "\fBsmtpd_client_restrictions (empty)\fR"
+Optional restrictions that the Postfix SMTP server applies in the
+context of a client connection request.
+.IP "\fBsmtpd_helo_required (no)\fR"
+Require that a remote SMTP client introduces itself with the HELO
+or EHLO command before sending the MAIL command or other commands
+that require EHLO negotiation.
+.IP "\fBsmtpd_helo_restrictions (empty)\fR"
+Optional restrictions that the Postfix SMTP server applies in the
+context of a client HELO command.
+.IP "\fBsmtpd_sender_restrictions (empty)\fR"
+Optional restrictions that the Postfix SMTP server applies in the
+context of a client MAIL FROM command.
+.IP "\fBsmtpd_recipient_restrictions (see 'postconf -d' output)\fR"
+Optional restrictions that the Postfix SMTP server applies in the
+context of a client RCPT TO command, after smtpd_relay_restrictions.
+.IP "\fBsmtpd_etrn_restrictions (empty)\fR"
+Optional restrictions that the Postfix SMTP server applies in the
+context of a client ETRN command.
+.IP "\fBallow_untrusted_routing (no)\fR"
+Forward mail with sender\-specified routing (user[@%!]remote[@%!]site)
+from untrusted clients to destinations matching $relay_domains.
+.IP "\fBsmtpd_restriction_classes (empty)\fR"
+User\-defined aliases for groups of access restrictions.
+.IP "\fBsmtpd_null_access_lookup_key (<>)\fR"
+The lookup key to be used in SMTP \fBaccess\fR(5) tables instead of the
+null sender address.
+.IP "\fBpermit_mx_backup_networks (empty)\fR"
+Restrict the use of the permit_mx_backup SMTP access feature to
+only domains whose primary MX hosts match the listed networks.
+.PP
+Available in Postfix version 2.0 and later:
+.IP "\fBsmtpd_data_restrictions (empty)\fR"
+Optional access restrictions that the Postfix SMTP server applies
+in the context of the SMTP DATA command.
+.IP "\fBsmtpd_expansion_filter (see 'postconf -d' output)\fR"
+What characters are allowed in $name expansions of RBL reply
+templates.
+.PP
+Available in Postfix version 2.1 and later:
+.IP "\fBsmtpd_reject_unlisted_sender (no)\fR"
+Request that the Postfix SMTP server rejects mail from unknown
+sender addresses, even when no explicit reject_unlisted_sender
+access restriction is specified.
+.IP "\fBsmtpd_reject_unlisted_recipient (yes)\fR"
+Request that the Postfix SMTP server rejects mail for unknown
+recipient addresses, even when no explicit reject_unlisted_recipient
+access restriction is specified.
+.PP
+Available in Postfix version 2.2 and later:
+.IP "\fBsmtpd_end_of_data_restrictions (empty)\fR"
+Optional access restrictions that the Postfix SMTP server
+applies in the context of the SMTP END\-OF\-DATA command.
+.PP
+Available in Postfix version 2.10 and later:
+.IP "\fBsmtpd_relay_restrictions (permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination)\fR"
+Access restrictions for mail relay control that the Postfix
+SMTP server applies in the context of the RCPT TO command, before
+smtpd_recipient_restrictions.
+.SH "SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS"
+.na
+.nf
+.ad
+.fi
+Postfix version 2.1 introduces sender and recipient address verification.
+This feature is implemented by sending probe email messages that
+are not actually delivered.
+This feature is requested via the reject_unverified_sender and
+reject_unverified_recipient access restrictions. The status of
+verification probes is maintained by the \fBverify\fR(8) server.
+See the file ADDRESS_VERIFICATION_README for information
+about how to configure and operate the Postfix sender/recipient
+address verification service.
+.IP "\fBaddress_verify_poll_count (normal: 3, overload: 1)\fR"
+How many times to query the \fBverify\fR(8) service for the completion
+of an address verification request in progress.
+.IP "\fBaddress_verify_poll_delay (3s)\fR"
+The delay between queries for the completion of an address
+verification request in progress.
+.IP "\fBaddress_verify_sender ($double_bounce_sender)\fR"
+The sender address to use in address verification probes; prior
+to Postfix 2.5 the default was "postmaster".
+.IP "\fBunverified_sender_reject_code (450)\fR"
+The numerical Postfix SMTP server response code when a recipient
+address is rejected by the reject_unverified_sender restriction.
+.IP "\fBunverified_recipient_reject_code (450)\fR"
+The numerical Postfix SMTP server response when a recipient address
+is rejected by the reject_unverified_recipient restriction.
+.PP
+Available in Postfix version 2.6 and later:
+.IP "\fBunverified_sender_defer_code (450)\fR"
+The numerical Postfix SMTP server response code when a sender address
+probe fails due to a temporary error condition.
+.IP "\fBunverified_recipient_defer_code (450)\fR"
+The numerical Postfix SMTP server response when a recipient address
+probe fails due to a temporary error condition.
+.IP "\fBunverified_sender_reject_reason (empty)\fR"
+The Postfix SMTP server's reply when rejecting mail with
+reject_unverified_sender.
+.IP "\fBunverified_recipient_reject_reason (empty)\fR"
+The Postfix SMTP server's reply when rejecting mail with
+reject_unverified_recipient.
+.IP "\fBunverified_sender_tempfail_action ($reject_tempfail_action)\fR"
+The Postfix SMTP server's action when reject_unverified_sender
+fails due to a temporary error condition.
+.IP "\fBunverified_recipient_tempfail_action ($reject_tempfail_action)\fR"
+The Postfix SMTP server's action when reject_unverified_recipient
+fails due to a temporary error condition.
+.PP
+Available with Postfix 2.9 and later:
+.IP "\fBaddress_verify_sender_ttl (0s)\fR"
+The time between changes in the time\-dependent portion of address
+verification probe sender addresses.
+.SH "ACCESS CONTROL RESPONSES"
+.na
+.nf
+.ad
+.fi
+The following parameters control numerical SMTP reply codes
+and/or text responses.
+.IP "\fBaccess_map_reject_code (554)\fR"
+The numerical Postfix SMTP server response code for
+an \fBaccess\fR(5) map "reject" action.
+.IP "\fBdefer_code (450)\fR"
+The numerical Postfix SMTP server response code when a remote SMTP
+client request is rejected by the "defer" restriction.
+.IP "\fBinvalid_hostname_reject_code (501)\fR"
+The numerical Postfix SMTP server response code when the client
+HELO or EHLO command parameter is rejected by the reject_invalid_helo_hostname
+restriction.
+.IP "\fBmaps_rbl_reject_code (554)\fR"
+The numerical Postfix SMTP server response code when a remote SMTP
+client request is blocked by the reject_rbl_client, reject_rhsbl_client,
+reject_rhsbl_reverse_client, reject_rhsbl_sender or
+reject_rhsbl_recipient restriction.
+.IP "\fBnon_fqdn_reject_code (504)\fR"
+The numerical Postfix SMTP server reply code when a client request
+is rejected by the reject_non_fqdn_helo_hostname, reject_non_fqdn_sender
+or reject_non_fqdn_recipient restriction.
+.IP "\fBplaintext_reject_code (450)\fR"
+The numerical Postfix SMTP server response code when a request
+is rejected by the \fBreject_plaintext_session\fR restriction.
+.IP "\fBreject_code (554)\fR"
+The numerical Postfix SMTP server response code when a remote SMTP
+client request is rejected by the "reject" restriction.
+.IP "\fBrelay_domains_reject_code (554)\fR"
+The numerical Postfix SMTP server response code when a client
+request is rejected by the reject_unauth_destination recipient
+restriction.
+.IP "\fBunknown_address_reject_code (450)\fR"
+The numerical response code when the Postfix SMTP server rejects a
+sender or recipient address because its domain is unknown.
+.IP "\fBunknown_client_reject_code (450)\fR"
+The numerical Postfix SMTP server response code when a client
+without valid address <=> name mapping is rejected by the
+reject_unknown_client_hostname restriction.
+.IP "\fBunknown_hostname_reject_code (450)\fR"
+The numerical Postfix SMTP server response code when the hostname
+specified with the HELO or EHLO command is rejected by the
+reject_unknown_helo_hostname restriction.
+.PP
+Available in Postfix version 2.0 and later:
+.IP "\fBdefault_rbl_reply (see 'postconf -d' output)\fR"
+The default Postfix SMTP server response template for a request that is
+rejected by an RBL\-based restriction.
+.IP "\fBmulti_recipient_bounce_reject_code (550)\fR"
+The numerical Postfix SMTP server response code when a remote SMTP
+client request is blocked by the reject_multi_recipient_bounce
+restriction.
+.IP "\fBrbl_reply_maps (empty)\fR"
+Optional lookup tables with RBL response templates.
+.PP
+Available in Postfix version 2.6 and later:
+.IP "\fBaccess_map_defer_code (450)\fR"
+The numerical Postfix SMTP server response code for
+an \fBaccess\fR(5) map "defer" action, including "defer_if_permit"
+or "defer_if_reject".
+.IP "\fBreject_tempfail_action (defer_if_permit)\fR"
+The Postfix SMTP server's action when a reject\-type restriction
+fails due to a temporary error condition.
+.IP "\fBunknown_helo_hostname_tempfail_action ($reject_tempfail_action)\fR"
+The Postfix SMTP server's action when reject_unknown_helo_hostname
+fails due to a temporary error condition.
+.IP "\fBunknown_address_tempfail_action ($reject_tempfail_action)\fR"
+The Postfix SMTP server's action when reject_unknown_sender_domain
+or reject_unknown_recipient_domain fail due to a temporary error
+condition.
+.SH "MISCELLANEOUS CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdaemon_timeout (18000s)\fR"
+How much time a Postfix daemon process may take to handle a
+request before it is terminated by a built\-in watchdog timer.
+.IP "\fBcommand_directory (see 'postconf -d' output)\fR"
+The location of all postfix administrative commands.
+.IP "\fBdouble_bounce_sender (double\-bounce)\fR"
+The sender address of postmaster notifications that are generated
+by the mail system.
+.IP "\fBipc_timeout (3600s)\fR"
+The time limit for sending or receiving information over an internal
+communication channel.
+.IP "\fBmail_name (Postfix)\fR"
+The mail system name that is displayed in Received: headers, in
+the SMTP greeting banner, and in bounced mail.
+.IP "\fBmail_owner (postfix)\fR"
+The UNIX system account that owns the Postfix queue and most Postfix
+daemon processes.
+.IP "\fBmax_idle (100s)\fR"
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
+.IP "\fBmax_use (100)\fR"
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
+.IP "\fBmyhostname (see 'postconf -d' output)\fR"
+The internet hostname of this mail system.
+.IP "\fBmynetworks (see 'postconf -d' output)\fR"
+The list of "trusted" remote SMTP clients that have more privileges than
+"strangers".
+.IP "\fBmyorigin ($myhostname)\fR"
+The domain name that locally\-posted mail appears to come
+from, and that locally posted mail is delivered to.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.IP "\fBrecipient_delimiter (empty)\fR"
+The set of characters that can separate an email address
+localpart, user name, or a .forward file name from its extension.
+.IP "\fBsmtpd_banner ($myhostname ESMTP $mail_name)\fR"
+The text that follows the 220 status code in the SMTP greeting
+banner.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix version 2.2 and later:
+.IP "\fBsmtpd_forbidden_commands (CONNECT GET POST regexp:{{/^[^A\-Z]/ Bogus}})\fR"
+List of commands that cause the Postfix SMTP server to immediately
+terminate the session with a 221 code.
+.PP
+Available in Postfix version 2.5 and later:
+.IP "\fBsmtpd_client_port_logging (no)\fR"
+Enable logging of the remote SMTP client port in addition to
+the hostname and IP address.
+.PP
+Available in Postfix 3.3 and later:
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.PP
+Available in Postfix 3.4 and later:
+.IP "\fBsmtpd_reject_footer_maps (empty)\fR"
+Lookup tables, indexed by the complete Postfix SMTP server 4xx or
+5xx response, with reject footer templates.
+.SH "SEE ALSO"
+.na
+.nf
+anvil(8), connection/rate limiting
+cleanup(8), message canonicalization
+tlsmgr(8), TLS session and PRNG management
+trivial\-rewrite(8), address resolver
+verify(8), address verification service
+postconf(5), configuration parameters
+master(5), generic daemon options
+master(8), process manager
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+ADDRESS_CLASS_README, blocking unknown hosted or relay recipients
+ADDRESS_REWRITING_README, Postfix address manipulation
+BDAT_README, Postfix CHUNKING support
+FILTER_README, external after\-queue content filter
+LOCAL_RECIPIENT_README, blocking unknown local recipients
+MILTER_README, before\-queue mail filter applications
+SMTPD_ACCESS_README, built\-in access policies
+SMTPD_POLICY_README, external policy server
+SMTPD_PROXY_README, external before\-queue content filter
+SASL_README, Postfix SASL howto
+TLS_README, Postfix STARTTLS howto
+VERP_README, Postfix XVERP extension
+XCLIENT_README, Postfix XCLIENT extension
+XFORWARD_README, Postfix XFORWARD extension
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
+
+SASL support originally by:
+Till Franke
+SuSE Rhein/Main AG
+65760 Eschborn, Germany
+
+TLS support originally by:
+Lutz Jaenicke
+BTU Cottbus
+Allgemeine Elektrotechnik
+Universitaetsplatz 3\-4
+D\-03044 Cottbus, Germany
+
+Revised TLS support by:
+Victor Duchovni
+Morgan Stanley
diff --git a/man/man8/spawn.8 b/man/man8/spawn.8
new file mode 100644
index 0000000..8baa440
--- /dev/null
+++ b/man/man8/spawn.8
@@ -0,0 +1,156 @@
+.TH SPAWN 8
+.ad
+.fi
+.SH NAME
+spawn
+\-
+Postfix external command spawner
+.SH "SYNOPSIS"
+.na
+.nf
+\fBspawn\fR [generic Postfix daemon options] command_attributes...
+.SH DESCRIPTION
+.ad
+.fi
+The \fBspawn\fR(8) daemon provides the Postfix equivalent
+of \fBinetd\fR.
+It listens on a port as specified in the Postfix \fBmaster.cf\fR file
+and spawns an external command whenever a connection is established.
+The connection can be made over local IPC (such as UNIX\-domain
+sockets) or over non\-local IPC (such as TCP sockets).
+The command's standard input, output and error streams are connected
+directly to the communication endpoint.
+
+This daemon expects to be run from the \fBmaster\fR(8) process
+manager.
+.SH "COMMAND ATTRIBUTE SYNTAX"
+.na
+.nf
+.ad
+.fi
+The external command attributes are given in the \fBmaster.cf\fR
+file at the end of a service definition. The syntax is as follows:
+.IP "\fBuser\fR=\fIusername\fR (required)"
+.IP "\fBuser\fR=\fIusername\fR:\fIgroupname\fR"
+The external command is executed with the rights of the
+specified \fIusername\fR. The software refuses to execute
+commands with root privileges, or with the privileges of the
+mail system owner. If \fIgroupname\fR is specified, the
+corresponding group ID is used instead of the group ID
+of \fIusername\fR.
+.IP "\fBargv\fR=\fIcommand\fR... (required)"
+The command to be executed. This must be specified as the
+last command attribute.
+The command is executed directly, i.e. without interpretation of
+shell meta characters by a shell command interpreter.
+.SH BUGS
+.ad
+.fi
+In order to enforce standard Postfix process resource controls,
+the \fBspawn\fR(8) daemon runs only one external command at a time.
+As such, it presents a noticeable overhead by wasting precious
+process resources. The \fBspawn\fR(8) daemon is expected to be
+replaced by a more structural solution.
+.SH DIAGNOSTICS
+.ad
+.fi
+The \fBspawn\fR(8) daemon reports abnormal child exits.
+Problems are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8).
+.SH "SECURITY"
+.na
+.nf
+.fi
+.ad
+This program needs root privilege in order to execute external
+commands as the specified user. It is therefore security sensitive.
+However the \fBspawn\fR(8) daemon does not talk to the external command
+and thus is not vulnerable to data\-driven attacks.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+Changes to \fBmain.cf\fR are picked up automatically as \fBspawn\fR(8)
+processes run for only a limited amount of time. Use the command
+"\fBpostfix reload\fR" to speed up a change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+
+In the text below, \fItransport\fR is the first field of the entry
+in the \fBmaster.cf\fR file.
+.SH "RESOURCE AND RATE CONTROL"
+.na
+.nf
+.ad
+.fi
+.IP "\fBtransport_time_limit ($command_time_limit)\fR"
+A transport\-specific override for the command_time_limit parameter
+value, where \fItransport\fR is the master.cf name of the message
+delivery transport.
+.SH "MISCELLANEOUS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdaemon_timeout (18000s)\fR"
+How much time a Postfix daemon process may take to handle a
+request before it is terminated by a built\-in watchdog timer.
+.IP "\fBexport_environment (see 'postconf -d' output)\fR"
+The list of environment variables that a Postfix process will export
+to non\-Postfix processes.
+.IP "\fBipc_timeout (3600s)\fR"
+The time limit for sending or receiving information over an internal
+communication channel.
+.IP "\fBmail_owner (postfix)\fR"
+The UNIX system account that owns the Postfix queue and most Postfix
+daemon processes.
+.IP "\fBmax_idle (100s)\fR"
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
+.IP "\fBmax_use (100)\fR"
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix 3.3 and later:
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.SH "SEE ALSO"
+.na
+.nf
+postconf(5), configuration parameters
+master(8), process manager
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man8/tlsmgr.8 b/man/man8/tlsmgr.8
new file mode 100644
index 0000000..c4e594c
--- /dev/null
+++ b/man/man8/tlsmgr.8
@@ -0,0 +1,208 @@
+.TH TLSMGR 8
+.ad
+.fi
+.SH NAME
+tlsmgr
+\-
+Postfix TLS session cache and PRNG manager
+.SH "SYNOPSIS"
+.na
+.nf
+\fBtlsmgr\fR [generic Postfix daemon options]
+.SH DESCRIPTION
+.ad
+.fi
+The \fBtlsmgr\fR(8) manages the Postfix TLS session caches.
+It stores and retrieves cache entries on request by
+\fBsmtpd\fR(8) and \fBsmtp\fR(8) processes, and periodically
+removes entries that have expired.
+
+The \fBtlsmgr\fR(8) also manages the PRNG (pseudo random number
+generator) pool. It answers queries by the \fBsmtpd\fR(8)
+and \fBsmtp\fR(8)
+processes to seed their internal PRNG pools.
+
+The \fBtlsmgr\fR(8)'s PRNG pool is initially seeded from
+an external source (EGD, /dev/urandom, or regular file).
+It is updated at configurable pseudo\-random intervals with
+data from the external source. It is updated periodically
+with data from TLS session cache entries and with the time
+of day, and is updated with the time of day whenever a
+process requests \fBtlsmgr\fR(8) service.
+
+The \fBtlsmgr\fR(8) saves the PRNG state to an exchange file
+periodically and when the process terminates, and reads
+the exchange file when initializing its PRNG.
+.SH "SECURITY"
+.na
+.nf
+.ad
+.fi
+The \fBtlsmgr\fR(8) is not security\-sensitive. The code that maintains
+the external and internal PRNG pools does not "trust" the
+data that it manipulates, and the code that maintains the
+TLS session cache does not touch the contents of the cached
+entries, except for seeding its internal PRNG pool.
+
+The \fBtlsmgr\fR(8) can be run chrooted and with reduced privileges.
+At process startup it connects to the entropy source and
+exchange file, and creates or truncates the optional TLS
+session cache files.
+
+With Postfix version 2.5 and later, the \fBtlsmgr\fR(8) no
+longer uses root privileges when opening cache files. These
+files should now be stored under the Postfix\-owned
+\fBdata_directory\fR. As a migration aid, an attempt to
+open a cache file under a non\-Postfix directory is redirected
+to the Postfix\-owned \fBdata_directory\fR, and a warning
+is logged.
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
+.SH BUGS
+.ad
+.fi
+There is no automatic means to limit the number of entries in the
+TLS session caches and/or the size of the TLS cache files.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+Changes to \fBmain.cf\fR are not picked up automatically,
+because \fBtlsmgr\fR(8) is a persistent processes. Use the
+command "\fBpostfix reload\fR" after a configuration change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.SH "TLS SESSION CACHE"
+.na
+.nf
+.ad
+.fi
+.IP "\fBlmtp_tls_loglevel (0)\fR"
+The LMTP\-specific version of the smtp_tls_loglevel
+configuration parameter.
+.IP "\fBlmtp_tls_session_cache_database (empty)\fR"
+The LMTP\-specific version of the smtp_tls_session_cache_database
+configuration parameter.
+.IP "\fBlmtp_tls_session_cache_timeout (3600s)\fR"
+The LMTP\-specific version of the smtp_tls_session_cache_timeout
+configuration parameter.
+.IP "\fBsmtp_tls_loglevel (0)\fR"
+Enable additional Postfix SMTP client logging of TLS activity.
+.IP "\fBsmtp_tls_session_cache_database (empty)\fR"
+Name of the file containing the optional Postfix SMTP client
+TLS session cache.
+.IP "\fBsmtp_tls_session_cache_timeout (3600s)\fR"
+The expiration time of Postfix SMTP client TLS session cache
+information.
+.IP "\fBsmtpd_tls_loglevel (0)\fR"
+Enable additional Postfix SMTP server logging of TLS activity.
+.IP "\fBsmtpd_tls_session_cache_database (empty)\fR"
+Name of the file containing the optional Postfix SMTP server
+TLS session cache.
+.IP "\fBsmtpd_tls_session_cache_timeout (3600s)\fR"
+The expiration time of Postfix SMTP server TLS session cache
+information.
+.SH "PSEUDO RANDOM NUMBER GENERATOR"
+.na
+.nf
+.ad
+.fi
+.IP "\fBtls_random_source (see 'postconf -d' output)\fR"
+The external entropy source for the in\-memory \fBtlsmgr\fR(8) pseudo
+random number generator (PRNG) pool.
+.IP "\fBtls_random_bytes (32)\fR"
+The number of bytes that \fBtlsmgr\fR(8) reads from $tls_random_source
+when (re)seeding the in\-memory pseudo random number generator (PRNG)
+pool.
+.IP "\fBtls_random_exchange_name (see 'postconf -d' output)\fR"
+Name of the pseudo random number generator (PRNG) state file
+that is maintained by \fBtlsmgr\fR(8).
+.IP "\fBtls_random_prng_update_period (3600s)\fR"
+The time between attempts by \fBtlsmgr\fR(8) to save the state of
+the pseudo random number generator (PRNG) to the file specified
+with $tls_random_exchange_name.
+.IP "\fBtls_random_reseed_period (3600s)\fR"
+The maximal time between attempts by \fBtlsmgr\fR(8) to re\-seed the
+in\-memory pseudo random number generator (PRNG) pool from external
+sources.
+.SH "MISCELLANEOUS CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdata_directory (see 'postconf -d' output)\fR"
+The directory with Postfix\-writable data files (for example:
+caches, pseudo\-random numbers).
+.IP "\fBdaemon_timeout (18000s)\fR"
+How much time a Postfix daemon process may take to handle a
+request before it is terminated by a built\-in watchdog timer.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix 3.3 and later:
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.SH "SEE ALSO"
+.na
+.nf
+smtp(8), Postfix SMTP client
+smtpd(8), Postfix SMTP server
+postconf(5), configuration parameters
+master(5), generic daemon options
+master(8), process manager
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+TLS_README, Postfix TLS configuration and operation
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+This service was introduced with Postfix version 2.2.
+.SH "AUTHOR(S)"
+.na
+.nf
+Lutz Jaenicke
+BTU Cottbus
+Allgemeine Elektrotechnik
+Universitaetsplatz 3\-4
+D\-03044 Cottbus, Germany
+
+Adapted by:
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man8/tlsproxy.8 b/man/man8/tlsproxy.8
new file mode 100644
index 0000000..6913b7b
--- /dev/null
+++ b/man/man8/tlsproxy.8
@@ -0,0 +1,413 @@
+.TH TLSPROXY 8
+.ad
+.fi
+.SH NAME
+tlsproxy
+\-
+Postfix TLS proxy
+.SH "SYNOPSIS"
+.na
+.nf
+\fBtlsproxy\fR [generic Postfix daemon options]
+.SH DESCRIPTION
+.ad
+.fi
+The \fBtlsproxy\fR(8) server implements a two\-way TLS proxy. It
+is used by the \fBpostscreen\fR(8) server to talk SMTP\-over\-TLS
+with remote SMTP clients that are not allowlisted (including
+clients whose allowlist status has expired), and by the
+\fBsmtp\fR(8) client to support TLS connection reuse, but it
+should also work for non\-SMTP protocols.
+
+Although one \fBtlsproxy\fR(8) process can serve multiple
+sessions at the same time, it is a good idea to allow the
+number of processes to increase with load, so that the
+service remains responsive.
+.SH "PROTOCOL EXAMPLE"
+.na
+.nf
+.ad
+.fi
+The example below concerns \fBpostscreen\fR(8). However,
+the \fBtlsproxy\fR(8) server is agnostic of the application
+protocol, and the example is easily adapted to other
+applications.
+
+After receiving a valid remote SMTP client STARTTLS command,
+the \fBpostscreen\fR(8) server sends the remote SMTP client
+endpoint string, the requested role (server), and the
+requested timeout to \fBtlsproxy\fR(8). \fBpostscreen\fR(8)
+then receives a "TLS available" indication from \fBtlsproxy\fR(8).
+If the TLS service is available, \fBpostscreen\fR(8) sends
+the remote SMTP client file descriptor to \fBtlsproxy\fR(8),
+and sends the plaintext 220 greeting to the remote SMTP
+client. This triggers TLS negotiations between the remote
+SMTP client and \fBtlsproxy\fR(8). Upon completion of the
+TLS\-level handshake, \fBtlsproxy\fR(8) translates between
+plaintext from/to \fBpostscreen\fR(8) and ciphertext to/from
+the remote SMTP client.
+.SH "SECURITY"
+.na
+.nf
+.ad
+.fi
+The \fBtlsproxy\fR(8) server is moderately security\-sensitive.
+It talks to untrusted clients on the network. The process
+can be run chrooted at fixed low privilege.
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+Changes to \fBmain.cf\fR are not picked up automatically,
+as \fBtlsproxy\fR(8) processes may run for a long time
+depending on mail server load. Use the command "\fBpostfix
+reload\fR" to speed up a change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.SH "STARTTLS GLOBAL CONTROLS"
+.na
+.nf
+.ad
+.fi
+The following settings are global and therefore cannot be
+overruled by information specified in a \fBtlsproxy\fR(8)
+client request.
+.IP "\fBtls_append_default_CA (no)\fR"
+Append the system\-supplied default Certification Authority
+certificates to the ones specified with *_tls_CApath or *_tls_CAfile.
+.IP "\fBtls_daemon_random_bytes (32)\fR"
+The number of pseudo\-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8)
+process requests from the \fBtlsmgr\fR(8) server in order to seed its
+internal pseudo random number generator (PRNG).
+.IP "\fBtls_high_cipherlist (see 'postconf -d' output)\fR"
+The OpenSSL cipherlist for "high" grade ciphers.
+.IP "\fBtls_medium_cipherlist (see 'postconf -d' output)\fR"
+The OpenSSL cipherlist for "medium" or higher grade ciphers.
+.IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR"
+The OpenSSL cipherlist for "NULL" grade ciphers that provide
+authentication without encryption.
+.IP "\fBtls_eecdh_strong_curve (prime256v1)\fR"
+The elliptic curve used by the Postfix SMTP server for sensibly
+strong
+ephemeral ECDH key exchange.
+.IP "\fBtls_eecdh_ultra_curve (secp384r1)\fR"
+The elliptic curve used by the Postfix SMTP server for maximally
+strong
+ephemeral ECDH key exchange.
+.IP "\fBtls_disable_workarounds (see 'postconf -d' output)\fR"
+List or bit\-mask of OpenSSL bug work\-arounds to disable.
+.IP "\fBtls_preempt_cipherlist (no)\fR"
+With SSLv3 and later, use the Postfix SMTP server's cipher
+preference order instead of the remote client's cipher preference
+order.
+.PP
+Available in Postfix version 2.8..3.7:
+.IP "\fBtls_low_cipherlist (see 'postconf -d' output)\fR"
+The OpenSSL cipherlist for "low" or higher grade ciphers.
+.IP "\fBtls_export_cipherlist (see 'postconf -d' output)\fR"
+The OpenSSL cipherlist for "export" or higher grade ciphers.
+.PP
+Available in Postfix version 2.9 and later:
+.IP "\fBtls_legacy_public_key_fingerprints (no)\fR"
+A temporary migration aid for sites that use certificate
+\fIpublic\-key\fR fingerprints with Postfix 2.9.0..2.9.5, which use
+an incorrect algorithm.
+.PP
+Available in Postfix version 2.11\-3.1:
+.IP "\fBtls_dane_digest_agility (on)\fR"
+Configure RFC7671 DANE TLSA digest algorithm agility.
+.IP "\fBtls_dane_trust_anchor_digest_enable (yes)\fR"
+Enable support for RFC 6698 (DANE TLSA) DNS records that contain
+digests of trust\-anchors with certificate usage "2".
+.PP
+Available in Postfix version 2.11 and later:
+.IP "\fBtlsmgr_service_name (tlsmgr)\fR"
+The name of the \fBtlsmgr\fR(8) service entry in master.cf.
+.PP
+Available in Postfix version 3.0 and later:
+.IP "\fBtls_session_ticket_cipher (Postfix >= 3.0: aes\-256\-cbc, Postfix < 3.0: aes\-128\-cbc)\fR"
+Algorithm used to encrypt RFC5077 TLS session tickets.
+.IP "\fBopenssl_path (openssl)\fR"
+The location of the OpenSSL command line program \fBopenssl\fR(1).
+.PP
+Available in Postfix version 3.2 and later:
+.IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR"
+The prioritized list of elliptic curves supported by the Postfix
+SMTP client and server.
+.PP
+Available in Postfix version 3.4 and later:
+.IP "\fBtls_server_sni_maps (empty)\fR"
+Optional lookup tables that map names received from remote SMTP
+clients via the TLS Server Name Indication (SNI) extension to the
+appropriate keys and certificate chains.
+.PP
+Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
+.IP "\fBtls_fast_shutdown_enable (yes)\fR"
+A workaround for implementations that hang Postfix while shutting
+down a TLS session, until Postfix times out.
+.PP
+Available in Postfix version 3.8 and later:
+.IP "\fBtls_ffdhe_auto_groups (see 'postconf -d' output)\fR"
+The prioritized list of finite\-field Diffie\-Hellman ephemeral
+(FFDHE) key exchange groups supported by the Postfix SMTP client and
+server.
+.PP
+Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later:
+.IP "\fBtls_config_file (default)\fR"
+Optional configuration file with baseline OpenSSL settings.
+.IP "\fBtls_config_name (empty)\fR"
+The application name passed by Postfix to OpenSSL library
+initialization functions.
+.SH "STARTTLS SERVER CONTROLS"
+.na
+.nf
+.ad
+.fi
+These settings are clones of Postfix SMTP server settings.
+They allow \fBtlsproxy\fR(8) to load the same certificate
+and private key information as the Postfix SMTP server,
+before dropping privileges, so that the key files can be
+kept read\-only for root. These settings can currently not
+be overruled by information in a \fBtlsproxy\fR(8) client
+request, but that limitation may be removed in a future
+version.
+.IP "\fBtlsproxy_tls_CAfile ($smtpd_tls_CAfile)\fR"
+A file containing (PEM format) CA certificates of root CAs
+trusted to sign either remote SMTP client certificates or intermediate
+CA certificates.
+.IP "\fBtlsproxy_tls_CApath ($smtpd_tls_CApath)\fR"
+A directory containing (PEM format) CA certificates of root CAs
+trusted to sign either remote SMTP client certificates or intermediate
+CA certificates.
+.IP "\fBtlsproxy_tls_always_issue_session_ids ($smtpd_tls_always_issue_session_ids)\fR"
+Force the Postfix \fBtlsproxy\fR(8) server to issue a TLS session id,
+even when TLS session caching is turned off.
+.IP "\fBtlsproxy_tls_ask_ccert ($smtpd_tls_ask_ccert)\fR"
+Ask a remote SMTP client for a client certificate.
+.IP "\fBtlsproxy_tls_ccert_verifydepth ($smtpd_tls_ccert_verifydepth)\fR"
+The verification depth for remote SMTP client certificates.
+.IP "\fBtlsproxy_tls_cert_file ($smtpd_tls_cert_file)\fR"
+File with the Postfix \fBtlsproxy\fR(8) server RSA certificate in PEM
+format.
+.IP "\fBtlsproxy_tls_ciphers ($smtpd_tls_ciphers)\fR"
+The minimum TLS cipher grade that the Postfix \fBtlsproxy\fR(8) server
+will use with opportunistic TLS encryption.
+.IP "\fBtlsproxy_tls_dcert_file ($smtpd_tls_dcert_file)\fR"
+File with the Postfix \fBtlsproxy\fR(8) server DSA certificate in PEM
+format.
+.IP "\fBtlsproxy_tls_dh1024_param_file ($smtpd_tls_dh1024_param_file)\fR"
+File with DH parameters that the Postfix \fBtlsproxy\fR(8) server
+should use with non\-export EDH ciphers.
+.IP "\fBtlsproxy_tls_dh512_param_file ($smtpd_tls_dh512_param_file)\fR"
+File with DH parameters that the Postfix \fBtlsproxy\fR(8) server
+should use with export\-grade EDH ciphers.
+.IP "\fBtlsproxy_tls_dkey_file ($smtpd_tls_dkey_file)\fR"
+File with the Postfix \fBtlsproxy\fR(8) server DSA private key in PEM
+format.
+.IP "\fBtlsproxy_tls_eccert_file ($smtpd_tls_eccert_file)\fR"
+File with the Postfix \fBtlsproxy\fR(8) server ECDSA certificate in PEM
+format.
+.IP "\fBtlsproxy_tls_eckey_file ($smtpd_tls_eckey_file)\fR"
+File with the Postfix \fBtlsproxy\fR(8) server ECDSA private key in PEM
+format.
+.IP "\fBtlsproxy_tls_eecdh_grade ($smtpd_tls_eecdh_grade)\fR"
+The Postfix \fBtlsproxy\fR(8) server security grade for ephemeral
+elliptic\-curve Diffie\-Hellman (EECDH) key exchange.
+.IP "\fBtlsproxy_tls_exclude_ciphers ($smtpd_tls_exclude_ciphers)\fR"
+List of ciphers or cipher types to exclude from the \fBtlsproxy\fR(8)
+server cipher list at all TLS security levels.
+.IP "\fBtlsproxy_tls_fingerprint_digest ($smtpd_tls_fingerprint_digest)\fR"
+The message digest algorithm to construct remote SMTP
+client\-certificate
+fingerprints.
+.IP "\fBtlsproxy_tls_key_file ($smtpd_tls_key_file)\fR"
+File with the Postfix \fBtlsproxy\fR(8) server RSA private key in PEM
+format.
+.IP "\fBtlsproxy_tls_loglevel ($smtpd_tls_loglevel)\fR"
+Enable additional Postfix \fBtlsproxy\fR(8) server logging of TLS
+activity.
+.IP "\fBtlsproxy_tls_mandatory_ciphers ($smtpd_tls_mandatory_ciphers)\fR"
+The minimum TLS cipher grade that the Postfix \fBtlsproxy\fR(8) server
+will use with mandatory TLS encryption.
+.IP "\fBtlsproxy_tls_mandatory_exclude_ciphers ($smtpd_tls_mandatory_exclude_ciphers)\fR"
+Additional list of ciphers or cipher types to exclude from the
+\fBtlsproxy\fR(8) server cipher list at mandatory TLS security levels.
+.IP "\fBtlsproxy_tls_mandatory_protocols ($smtpd_tls_mandatory_protocols)\fR"
+The SSL/TLS protocols accepted by the Postfix \fBtlsproxy\fR(8) server
+with mandatory TLS encryption.
+.IP "\fBtlsproxy_tls_protocols ($smtpd_tls_protocols)\fR"
+List of TLS protocols that the Postfix \fBtlsproxy\fR(8) server will
+exclude or include with opportunistic TLS encryption.
+.IP "\fBtlsproxy_tls_req_ccert ($smtpd_tls_req_ccert)\fR"
+With mandatory TLS encryption, require a trusted remote SMTP
+client certificate in order to allow TLS connections to proceed.
+.IP "\fBtlsproxy_tls_security_level ($smtpd_tls_security_level)\fR"
+The SMTP TLS security level for the Postfix \fBtlsproxy\fR(8) server;
+when a non\-empty value is specified, this overrides the obsolete
+parameters smtpd_use_tls and smtpd_enforce_tls.
+.IP "\fBtlsproxy_tls_chain_files ($smtpd_tls_chain_files)\fR"
+Files with the Postfix \fBtlsproxy\fR(8) server keys and certificate
+chains in PEM format.
+.SH "STARTTLS CLIENT CONTROLS"
+.na
+.nf
+.ad
+.fi
+These settings are clones of Postfix SMTP client settings.
+They allow \fBtlsproxy\fR(8) to load the same certificate
+and private key information as the Postfix SMTP client,
+before dropping privileges, so that the key files can be
+kept read\-only for root. Some settings may be overruled by
+information in a \fBtlsproxy\fR(8) client request.
+.PP
+Available in Postfix version 3.4 and later:
+.IP "\fBtlsproxy_client_CAfile ($smtp_tls_CAfile)\fR"
+A file containing CA certificates of root CAs trusted to sign
+either remote TLS server certificates or intermediate CA certificates.
+.IP "\fBtlsproxy_client_CApath ($smtp_tls_CApath)\fR"
+Directory with PEM format Certification Authority certificates
+that the Postfix \fBtlsproxy\fR(8) client uses to verify a remote TLS
+server certificate.
+.IP "\fBtlsproxy_client_chain_files ($smtp_tls_chain_files)\fR"
+Files with the Postfix \fBtlsproxy\fR(8) client keys and certificate
+chains in PEM format.
+.IP "\fBtlsproxy_client_cert_file ($smtp_tls_cert_file)\fR"
+File with the Postfix \fBtlsproxy\fR(8) client RSA certificate in PEM
+format.
+.IP "\fBtlsproxy_client_key_file ($smtp_tls_key_file)\fR"
+File with the Postfix \fBtlsproxy\fR(8) client RSA private key in PEM
+format.
+.IP "\fBtlsproxy_client_dcert_file ($smtp_tls_dcert_file)\fR"
+File with the Postfix \fBtlsproxy\fR(8) client DSA certificate in PEM
+format.
+.IP "\fBtlsproxy_client_dkey_file ($smtp_tls_dkey_file)\fR"
+File with the Postfix \fBtlsproxy\fR(8) client DSA private key in PEM
+format.
+.IP "\fBtlsproxy_client_eccert_file ($smtp_tls_eccert_file)\fR"
+File with the Postfix \fBtlsproxy\fR(8) client ECDSA certificate in PEM
+format.
+.IP "\fBtlsproxy_client_eckey_file ($smtp_tls_eckey_file)\fR"
+File with the Postfix \fBtlsproxy\fR(8) client ECDSA private key in PEM
+format.
+.IP "\fBtlsproxy_client_fingerprint_digest ($smtp_tls_fingerprint_digest)\fR"
+The message digest algorithm used to construct remote TLS server
+certificate fingerprints.
+.IP "\fBtlsproxy_client_loglevel ($smtp_tls_loglevel)\fR"
+Enable additional Postfix \fBtlsproxy\fR(8) client logging of TLS
+activity.
+.IP "\fBtlsproxy_client_loglevel_parameter (smtp_tls_loglevel)\fR"
+The name of the parameter that provides the tlsproxy_client_loglevel
+value.
+.IP "\fBtlsproxy_client_scert_verifydepth ($smtp_tls_scert_verifydepth)\fR"
+The verification depth for remote TLS server certificates.
+.IP "\fBtlsproxy_client_use_tls ($smtp_use_tls)\fR"
+Opportunistic mode: use TLS when a remote server announces TLS
+support.
+.IP "\fBtlsproxy_client_enforce_tls ($smtp_enforce_tls)\fR"
+Enforcement mode: require that SMTP servers use TLS encryption.
+.IP "\fBtlsproxy_client_per_site ($smtp_tls_per_site)\fR"
+Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
+usage policy by next\-hop destination and by remote TLS server
+hostname.
+.PP
+Available in Postfix version 3.4\-3.6:
+.IP "\fBtlsproxy_client_level ($smtp_tls_security_level)\fR"
+The default TLS security level for the Postfix \fBtlsproxy\fR(8)
+client.
+.IP "\fBtlsproxy_client_policy ($smtp_tls_policy_maps)\fR"
+Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
+security policy by next\-hop destination.
+.PP
+Available in Postfix version 3.7 and later:
+.IP "\fBtlsproxy_client_security_level ($smtp_tls_security_level)\fR"
+The default TLS security level for the Postfix \fBtlsproxy\fR(8)
+client.
+.IP "\fBtlsproxy_client_policy_maps ($smtp_tls_policy_maps)\fR"
+Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
+security policy by next\-hop destination.
+.SH "OBSOLETE STARTTLS SUPPORT CONTROLS"
+.na
+.nf
+.ad
+.fi
+These parameters are supported for compatibility with
+\fBsmtpd\fR(8) legacy parameters.
+.IP "\fBtlsproxy_use_tls ($smtpd_use_tls)\fR"
+Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
+but do not require that clients use TLS encryption.
+.IP "\fBtlsproxy_enforce_tls ($smtpd_enforce_tls)\fR"
+Mandatory TLS: announce STARTTLS support to remote SMTP clients, and
+require that clients use TLS encryption.
+.IP "\fBtlsproxy_client_use_tls ($smtp_use_tls)\fR"
+Opportunistic mode: use TLS when a remote server announces TLS
+support.
+.IP "\fBtlsproxy_client_enforce_tls ($smtp_enforce_tls)\fR"
+Enforcement mode: require that SMTP servers use TLS encryption.
+.SH "RESOURCE CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBtlsproxy_watchdog_timeout (10s)\fR"
+How much time a \fBtlsproxy\fR(8) process may take to process local
+or remote I/O before it is terminated by a built\-in watchdog timer.
+.SH "MISCELLANEOUS CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix 3.3 and later:
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.SH "SEE ALSO"
+.na
+.nf
+postscreen(8), Postfix zombie blocker
+smtpd(8), Postfix SMTP server
+postconf(5), configuration parameters
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+.ad
+.fi
+This service was introduced with Postfix version 2.8.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man8/trace.8 b/man/man8/trace.8
new file mode 100644
index 0000000..411dfa1
--- /dev/null
+++ b/man/man8/trace.8
@@ -0,0 +1 @@
+.so man8/bounce.8
diff --git a/man/man8/trivial-rewrite.8 b/man/man8/trivial-rewrite.8
new file mode 100644
index 0000000..e41da71
--- /dev/null
+++ b/man/man8/trivial-rewrite.8
@@ -0,0 +1,325 @@
+.TH TRIVIAL-REWRITE 8
+.ad
+.fi
+.SH NAME
+trivial-rewrite
+\-
+Postfix address rewriting and resolving daemon
+.SH "SYNOPSIS"
+.na
+.nf
+\fBtrivial\-rewrite\fR [generic Postfix daemon options]
+.SH DESCRIPTION
+.ad
+.fi
+The \fBtrivial\-rewrite\fR(8) daemon processes three types of client
+service requests:
+.IP "\fBrewrite \fIcontext address\fR"
+Rewrite an address to standard form, according to the
+address rewriting context:
+.RS
+.IP \fBlocal\fR
+Append the domain names specified with \fB$myorigin\fR or
+\fB$mydomain\fR to incomplete addresses; do \fBswap_bangpath\fR
+and \fBallow_percent_hack\fR processing as described below, and
+strip source routed addresses (\fI@site,@site:user@domain\fR)
+to \fIuser@domain\fR form.
+.IP \fBremote\fR
+Append the domain name specified with
+\fB$remote_header_rewrite_domain\fR to incomplete
+addresses. Otherwise the result is identical to that of
+the \fBlocal\fR address rewriting context. This prevents
+Postfix from appending the local domain to spam from poorly
+written remote clients.
+.RE
+.IP "\fBresolve \fIsender\fR \fIaddress\fR"
+Resolve the address to a (\fItransport\fR, \fInexthop\fR,
+\fIrecipient\fR, \fIflags\fR) quadruple. The meaning of
+the results is as follows:
+.RS
+.IP \fItransport\fR
+The delivery agent to use. This is the first field of an entry
+in the \fBmaster.cf\fR file.
+.IP \fInexthop\fR
+The host to send to and optional delivery method information.
+.IP \fIrecipient\fR
+The envelope recipient address that is passed on to \fInexthop\fR.
+.IP \fIflags\fR
+The address class, whether the address requires relaying,
+whether the address has problems, and whether the request failed.
+.RE
+.IP "\fBverify \fIsender\fR \fIaddress\fR"
+Resolve the address for address verification purposes.
+.SH "SERVER PROCESS MANAGEMENT"
+.na
+.nf
+.ad
+.fi
+The \fBtrivial\-rewrite\fR(8) servers run under control by
+the Postfix master(8)
+server. Each server can handle multiple simultaneous connections.
+When all servers are busy while a client connects, the master
+creates a new server process, provided that the trivial\-rewrite
+server process limit is not exceeded.
+Each trivial\-rewrite server terminates after
+serving at least \fB$max_use\fR clients of after \fB$max_idle\fR
+seconds of idle time.
+.SH "STANDARDS"
+.na
+.nf
+.ad
+.fi
+None. The command does not interact with the outside world.
+.SH "SECURITY"
+.na
+.nf
+.ad
+.fi
+The \fBtrivial\-rewrite\fR(8) daemon is not security sensitive.
+By default, this daemon does not talk to remote or local users.
+It can run at a fixed low privilege in a chrooted environment.
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+On busy mail systems a long time may pass before a \fBmain.cf\fR
+change affecting \fBtrivial\-rewrite\fR(8) is picked up. Use the command
+"\fBpostfix reload\fR" to speed up a change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.SH "COMPATIBILITY CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBresolve_dequoted_address (yes)\fR"
+Resolve a recipient address safely instead of correctly, by
+looking inside quotes.
+.PP
+Available with Postfix version 2.1 and later:
+.IP "\fBresolve_null_domain (no)\fR"
+Resolve an address that ends in the "@" null domain as if the
+local hostname were specified, instead of rejecting the address as
+invalid.
+.PP
+Available with Postfix version 2.3 and later:
+.IP "\fBresolve_numeric_domain (no)\fR"
+Resolve "user@ipaddress" as "user@[ipaddress]", instead of
+rejecting the address as invalid.
+.PP
+Available with Postfix version 2.5 and later:
+.IP "\fBallow_min_user (no)\fR"
+Allow a sender or recipient address to have `\-' as the first
+character.
+.SH "ADDRESS REWRITING CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBmyorigin ($myhostname)\fR"
+The domain name that locally\-posted mail appears to come
+from, and that locally posted mail is delivered to.
+.IP "\fBallow_percent_hack (yes)\fR"
+Enable the rewriting of the form "user%domain" to "user@domain".
+.IP "\fBappend_at_myorigin (yes)\fR"
+With locally submitted mail, append the string "@$myorigin" to mail
+addresses without domain information.
+.IP "\fBappend_dot_mydomain (Postfix >= 3.0: no, Postfix < 3.0: yes)\fR"
+With locally submitted mail, append the string ".$mydomain" to
+addresses that have no ".domain" information.
+.IP "\fBrecipient_delimiter (empty)\fR"
+The set of characters that can separate an email address
+localpart, user name, or a .forward file name from its extension.
+.IP "\fBswap_bangpath (yes)\fR"
+Enable the rewriting of "site!user" into "user@site".
+.PP
+Available in Postfix 2.2 and later:
+.IP "\fBremote_header_rewrite_domain (empty)\fR"
+Don't rewrite message headers from remote clients at all when
+this parameter is empty; otherwise, rewrite message headers and
+append the specified domain name to incomplete addresses.
+.SH "ROUTING CONTROLS"
+.na
+.nf
+.ad
+.fi
+The following is applicable to Postfix version 2.0 and later.
+Earlier versions do not have support for: virtual_transport,
+relay_transport, virtual_alias_domains, virtual_mailbox_domains
+or proxy_interfaces.
+.IP "\fBlocal_transport (local:$myhostname)\fR"
+The default mail delivery transport and next\-hop destination
+for final delivery to domains listed with mydestination, and for
+[ipaddress] destinations that match $inet_interfaces or $proxy_interfaces.
+.IP "\fBvirtual_transport (virtual)\fR"
+The default mail delivery transport and next\-hop destination for
+final delivery to domains listed with $virtual_mailbox_domains.
+.IP "\fBrelay_transport (relay)\fR"
+The default mail delivery transport and next\-hop destination for
+remote delivery to domains listed with $relay_domains.
+.IP "\fBdefault_transport (smtp)\fR"
+The default mail delivery transport and next\-hop destination for
+destinations that do not match $mydestination, $inet_interfaces,
+$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains,
+or $relay_domains.
+.IP "\fBparent_domain_matches_subdomains (see 'postconf -d' output)\fR"
+A list of Postfix features where the pattern "example.com" also
+matches subdomains of example.com,
+instead of requiring an explicit ".example.com" pattern.
+.IP "\fBrelayhost (empty)\fR"
+The next\-hop destination(s) for non\-local mail; overrides non\-local
+domains in recipient addresses.
+.IP "\fBtransport_maps (empty)\fR"
+Optional lookup tables with mappings from recipient address to
+(message delivery transport, next\-hop destination).
+.PP
+Available in Postfix version 2.3 and later:
+.IP "\fBsender_dependent_relayhost_maps (empty)\fR"
+A sender\-dependent override for the global relayhost parameter
+setting.
+.PP
+Available in Postfix version 2.5 and later:
+.IP "\fBempty_address_relayhost_maps_lookup_key (<>)\fR"
+The sender_dependent_relayhost_maps search string that will be
+used instead of the null sender address.
+.PP
+Available in Postfix version 2.7 and later:
+.IP "\fBempty_address_default_transport_maps_lookup_key (<>)\fR"
+The sender_dependent_default_transport_maps search string that
+will be used instead of the null sender address.
+.IP "\fBsender_dependent_default_transport_maps (empty)\fR"
+A sender\-dependent override for the global default_transport
+parameter setting.
+.SH "ADDRESS VERIFICATION CONTROLS"
+.na
+.nf
+.ad
+.fi
+Postfix version 2.1 introduces sender and recipient address verification.
+This feature is implemented by sending probe email messages that
+are not actually delivered.
+By default, address verification probes use the same route
+as regular mail. To override specific aspects of message
+routing for address verification probes, specify one or more
+of the following:
+.IP "\fBaddress_verify_local_transport ($local_transport)\fR"
+Overrides the local_transport parameter setting for address
+verification probes.
+.IP "\fBaddress_verify_virtual_transport ($virtual_transport)\fR"
+Overrides the virtual_transport parameter setting for address
+verification probes.
+.IP "\fBaddress_verify_relay_transport ($relay_transport)\fR"
+Overrides the relay_transport parameter setting for address
+verification probes.
+.IP "\fBaddress_verify_default_transport ($default_transport)\fR"
+Overrides the default_transport parameter setting for address
+verification probes.
+.IP "\fBaddress_verify_relayhost ($relayhost)\fR"
+Overrides the relayhost parameter setting for address verification
+probes.
+.IP "\fBaddress_verify_transport_maps ($transport_maps)\fR"
+Overrides the transport_maps parameter setting for address verification
+probes.
+.PP
+Available in Postfix version 2.3 and later:
+.IP "\fBaddress_verify_sender_dependent_relayhost_maps ($sender_dependent_relayhost_maps)\fR"
+Overrides the sender_dependent_relayhost_maps parameter setting for address
+verification probes.
+.PP
+Available in Postfix version 2.7 and later:
+.IP "\fBaddress_verify_sender_dependent_default_transport_maps ($sender_dependent_default_transport_maps)\fR"
+Overrides the sender_dependent_default_transport_maps parameter
+setting for address verification probes.
+.SH "MISCELLANEOUS CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdaemon_timeout (18000s)\fR"
+How much time a Postfix daemon process may take to handle a
+request before it is terminated by a built\-in watchdog timer.
+.IP "\fBempty_address_recipient (MAILER\-DAEMON)\fR"
+The recipient of mail addressed to the null address.
+.IP "\fBipc_timeout (3600s)\fR"
+The time limit for sending or receiving information over an internal
+communication channel.
+.IP "\fBmax_idle (100s)\fR"
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
+.IP "\fBmax_use (100)\fR"
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
+.IP "\fBrelocated_maps (empty)\fR"
+Optional lookup tables with new contact information for users or
+domains that no longer exist.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.IP "\fBshow_user_unknown_table_name (yes)\fR"
+Display the name of the recipient table in the "User unknown"
+responses.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix version 2.0 and later:
+.IP "\fBhelpful_warnings (yes)\fR"
+Log warnings about problematic configuration settings, and provide
+helpful suggestions.
+.PP
+Available in Postfix 3.3 and later:
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.SH "SEE ALSO"
+.na
+.nf
+postconf(5), configuration parameters
+transport(5), transport table format
+relocated(5), format of the "user has moved" table
+master(8), process manager
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+ADDRESS_CLASS_README, Postfix address classes howto
+ADDRESS_VERIFICATION_README, Postfix address verification
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man8/verify.8 b/man/man8/verify.8
new file mode 100644
index 0000000..7aece00
--- /dev/null
+++ b/man/man8/verify.8
@@ -0,0 +1,257 @@
+.TH VERIFY 8
+.ad
+.fi
+.SH NAME
+verify
+\-
+Postfix address verification server
+.SH "SYNOPSIS"
+.na
+.nf
+\fBverify\fR [generic Postfix daemon options]
+.SH DESCRIPTION
+.ad
+.fi
+The \fBverify\fR(8) address verification server maintains a record
+of what recipient addresses are known to be deliverable or
+undeliverable.
+
+Addresses are verified by injecting probe messages into the
+Postfix queue. Probe messages are run through all the routing
+and rewriting machinery except for final delivery, and are
+discarded rather than being deferred or bounced.
+
+Address verification relies on the answer from the nearest
+MTA for the specified address, and will therefore not detect
+all undeliverable addresses.
+
+The \fBverify\fR(8) server is designed to run under control
+by the Postfix
+master server. It maintains an optional persistent database.
+To avoid being interrupted by "postfix stop" in the middle
+of a database update, the process runs in a separate process
+group.
+
+The \fBverify\fR(8) server implements the following requests:
+.IP "\fBupdate\fI address status text\fR"
+Update the status and text of the specified address.
+.IP "\fBquery\fI address\fR"
+Look up the \fIstatus\fR and \fItext\fR for the specified
+\fIaddress\fR.
+If the status is unknown, a probe is sent and an "in progress"
+status is returned.
+.SH "SECURITY"
+.na
+.nf
+.ad
+.fi
+The address verification server is not security\-sensitive. It does
+not talk to the network, and it does not talk to local users.
+The verify server can run chrooted at fixed low privilege.
+
+The address verification server can be coerced to store
+unlimited amounts of garbage. Limiting the cache expiry
+time
+trades one problem (disk space exhaustion) for another
+one (poor response time to client requests).
+
+With Postfix version 2.5 and later, the \fBverify\fR(8)
+server no longer uses root privileges when opening the
+\fBaddress_verify_map\fR cache file. The file should now
+be stored under the Postfix\-owned \fBdata_directory\fR. As
+a migration aid, an attempt to open a cache file under a
+non\-Postfix directory is redirected to the Postfix\-owned
+\fBdata_directory\fR, and a warning is logged.
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
+.SH BUGS
+.ad
+.fi
+Address verification probe messages add additional traffic
+to the mail queue.
+Recipient verification may cause an increased load on
+down\-stream servers in the case of a dictionary attack or
+a flood of backscatter bounces.
+Sender address verification may cause your site to be
+denylisted by some providers.
+
+If the persistent database ever gets corrupted then the world
+comes to an end and human intervention is needed. This violates
+a basic Postfix principle.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+Changes to \fBmain.cf\fR are not picked up automatically,
+as \fBverify\fR(8)
+processes are long\-lived. Use the command "\fBpostfix reload\fR" after
+a configuration change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.SH "PROBE MESSAGE CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBaddress_verify_sender ($double_bounce_sender)\fR"
+The sender address to use in address verification probes; prior
+to Postfix 2.5 the default was "postmaster".
+.PP
+Available with Postfix 2.9 and later:
+.IP "\fBaddress_verify_sender_ttl (0s)\fR"
+The time between changes in the time\-dependent portion of address
+verification probe sender addresses.
+.SH "CACHE CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBaddress_verify_map (see 'postconf -d' output)\fR"
+Lookup table for persistent address verification status
+storage.
+.IP "\fBaddress_verify_positive_expire_time (31d)\fR"
+The time after which a successful probe expires from the address
+verification cache.
+.IP "\fBaddress_verify_positive_refresh_time (7d)\fR"
+The time after which a successful address verification probe needs
+to be refreshed.
+.IP "\fBaddress_verify_negative_cache (yes)\fR"
+Enable caching of failed address verification probe results.
+.IP "\fBaddress_verify_negative_expire_time (3d)\fR"
+The time after which a failed probe expires from the address
+verification cache.
+.IP "\fBaddress_verify_negative_refresh_time (3h)\fR"
+The time after which a failed address verification probe needs to
+be refreshed.
+.PP
+Available with Postfix 2.7 and later:
+.IP "\fBaddress_verify_cache_cleanup_interval (12h)\fR"
+The amount of time between \fBverify\fR(8) address verification
+database cleanup runs.
+.SH "PROBE MESSAGE ROUTING CONTROLS"
+.na
+.nf
+.ad
+.fi
+By default, probe messages are delivered via the same route
+as regular messages. The following parameters can be used to
+override specific message routing mechanisms.
+.IP "\fBaddress_verify_relayhost ($relayhost)\fR"
+Overrides the relayhost parameter setting for address verification
+probes.
+.IP "\fBaddress_verify_transport_maps ($transport_maps)\fR"
+Overrides the transport_maps parameter setting for address verification
+probes.
+.IP "\fBaddress_verify_local_transport ($local_transport)\fR"
+Overrides the local_transport parameter setting for address
+verification probes.
+.IP "\fBaddress_verify_virtual_transport ($virtual_transport)\fR"
+Overrides the virtual_transport parameter setting for address
+verification probes.
+.IP "\fBaddress_verify_relay_transport ($relay_transport)\fR"
+Overrides the relay_transport parameter setting for address
+verification probes.
+.IP "\fBaddress_verify_default_transport ($default_transport)\fR"
+Overrides the default_transport parameter setting for address
+verification probes.
+.PP
+Available in Postfix 2.3 and later:
+.IP "\fBaddress_verify_sender_dependent_relayhost_maps ($sender_dependent_relayhost_maps)\fR"
+Overrides the sender_dependent_relayhost_maps parameter setting for address
+verification probes.
+.PP
+Available in Postfix 2.7 and later:
+.IP "\fBaddress_verify_sender_dependent_default_transport_maps ($sender_dependent_default_transport_maps)\fR"
+Overrides the sender_dependent_default_transport_maps parameter
+setting for address verification probes.
+.SH "SMTPUTF8 CONTROLS"
+.na
+.nf
+.ad
+.fi
+Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
+.IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR"
+Detect that a message requires SMTPUTF8 support for the specified
+mail origin classes.
+.PP
+Available in Postfix version 3.2 and later:
+.IP "\fBenable_idna2003_compatibility (no)\fR"
+Enable 'transitional' compatibility between IDNA2003 and IDNA2008,
+when converting UTF\-8 domain names to/from the ASCII form that is
+used for DNS lookups.
+.SH "MISCELLANEOUS CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdaemon_timeout (18000s)\fR"
+How much time a Postfix daemon process may take to handle a
+request before it is terminated by a built\-in watchdog timer.
+.IP "\fBipc_timeout (3600s)\fR"
+The time limit for sending or receiving information over an internal
+communication channel.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix 3.3 and later:
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.SH "SEE ALSO"
+.na
+.nf
+smtpd(8), Postfix SMTP server
+cleanup(8), enqueue Postfix message
+postconf(5), configuration parameters
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+ADDRESS_VERIFICATION_README, address verification howto
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+.ad
+.fi
+This service was introduced with Postfix version 2.1.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/man/man8/virtual.8 b/man/man8/virtual.8
new file mode 100644
index 0000000..746fc0d
--- /dev/null
+++ b/man/man8/virtual.8
@@ -0,0 +1,358 @@
+.TH VIRTUAL 8
+.ad
+.fi
+.SH NAME
+virtual
+\-
+Postfix virtual domain mail delivery agent
+.SH "SYNOPSIS"
+.na
+.nf
+\fBvirtual\fR [generic Postfix daemon options]
+.SH DESCRIPTION
+.ad
+.fi
+The \fBvirtual\fR(8) delivery agent is designed for virtual mail
+hosting services. Originally based on the Postfix \fBlocal\fR(8)
+delivery
+agent, this agent looks up recipients with map lookups of their
+full recipient address, instead of using hard\-coded unix password
+file lookups of the address local part only.
+
+This delivery agent only delivers mail. Other features such as
+mail forwarding, out\-of\-office notifications, etc., must be
+configured via virtual_alias maps or via similar lookup mechanisms.
+.SH "MAILBOX LOCATION"
+.na
+.nf
+.ad
+.fi
+The mailbox location is controlled by the \fBvirtual_mailbox_base\fR
+and \fBvirtual_mailbox_maps\fR configuration parameters (see below).
+The \fBvirtual_mailbox_maps\fR table is indexed by the recipient
+address as described under TABLE SEARCH ORDER below.
+
+The mailbox pathname is constructed as follows:
+
+.nf
+ \fB$virtual_mailbox_base/$virtual_mailbox_maps(\fIrecipient\fB)\fR
+.fi
+
+where \fIrecipient\fR is the full recipient address.
+.SH "UNIX MAILBOX FORMAT"
+.na
+.nf
+.ad
+.fi
+When the mailbox location does not end in \fB/\fR, the message
+is delivered in UNIX mailbox format. This format stores multiple
+messages in one textfile.
+
+The \fBvirtual\fR(8) delivery agent prepends a "\fBFrom \fIsender
+time_stamp\fR" envelope header to each message, prepends a
+\fBDelivered\-To:\fR message header with the envelope recipient
+address,
+prepends an \fBX\-Original\-To:\fR header with the recipient address as
+given to Postfix,
+prepends a \fBReturn\-Path:\fR message header with the
+envelope sender address, prepends a \fB>\fR character to lines
+beginning with "\fBFrom \fR", and appends an empty line.
+
+The mailbox is locked for exclusive access while delivery is in
+progress. In case of problems, an attempt is made to truncate the
+mailbox to its original length.
+.SH "QMAIL MAILDIR FORMAT"
+.na
+.nf
+.ad
+.fi
+When the mailbox location ends in \fB/\fR, the message is delivered
+in qmail \fBmaildir\fR format. This format stores one message per file.
+
+The \fBvirtual\fR(8) delivery agent prepends a \fBDelivered\-To:\fR
+message header with the final envelope recipient address,
+prepends an \fBX\-Original\-To:\fR header with the recipient address as
+given to Postfix, and prepends a
+\fBReturn\-Path:\fR message header with the envelope sender address.
+
+By definition, \fBmaildir\fR format does not require application\-level
+file locking during mail delivery or retrieval.
+.SH "MAILBOX OWNERSHIP"
+.na
+.nf
+.ad
+.fi
+Mailbox ownership is controlled by the \fBvirtual_uid_maps\fR
+and \fBvirtual_gid_maps\fR lookup tables, which are indexed
+with the full recipient address. Each table provides
+a string with the numerical user and group ID, respectively.
+
+The \fBvirtual_minimum_uid\fR parameter imposes a lower bound on
+numerical user ID values that may be specified in any
+\fBvirtual_uid_maps\fR.
+.SH "CASE FOLDING"
+.na
+.nf
+.ad
+.fi
+All delivery decisions are made using the full recipient
+address, folded to lower case. See also the next section
+for a few exceptions with optional address extensions.
+.SH "TABLE SEARCH ORDER"
+.na
+.nf
+.ad
+.fi
+Normally, a lookup table is specified as a text file that
+serves as input to the \fBpostmap\fR(1) command. The result, an
+indexed file in \fBdbm\fR or \fBdb\fR format, is used for fast
+searching by the mail system.
+
+The search order is as follows. The search stops
+upon the first successful lookup.
+.IP \(bu
+When the recipient has an optional address extension the
+\fIuser+extension@domain.tld\fR address is looked up first.
+.sp
+With Postfix versions before 2.1, the optional address extension
+is always ignored.
+.IP \(bu
+The \fIuser@domain.tld\fR address, without address extension,
+is looked up next.
+.IP \(bu
+Finally, the recipient \fI@domain\fR is looked up.
+.PP
+When the table is provided via other means such as NIS, LDAP
+or SQL, the same lookups are done as for ordinary indexed files.
+
+Alternatively, a table can be provided as a regular\-expression
+map where patterns are given as regular expressions. In that case,
+only the full recipient address is given to the regular\-expression
+map.
+.SH "SECURITY"
+.na
+.nf
+.ad
+.fi
+The \fBvirtual\fR(8) delivery agent is not security sensitive, provided
+that the lookup tables with recipient user/group ID information are
+adequately protected. This program is not designed to run chrooted.
+
+The \fBvirtual\fR(8) delivery agent disallows regular expression
+substitution of $1 etc. in regular expression lookup tables,
+because that would open a security hole.
+
+The \fBvirtual\fR(8) delivery agent will silently ignore requests
+to use the \fBproxymap\fR(8) server. Instead it will open the
+table directly. Before Postfix version 2.2, the virtual
+delivery agent will terminate with a fatal error.
+.SH "STANDARDS"
+.na
+.nf
+RFC 822 (ARPA Internet Text Messages)
+.SH DIAGNOSTICS
+.ad
+.fi
+Mail bounces when the recipient has no mailbox or when the
+recipient is over disk quota. In all other problem cases, mail for
+an existing recipient is deferred and a warning is logged.
+
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
+Corrupted message files are marked so that the queue
+manager can move them to the \fBcorrupt\fR queue afterwards.
+
+Depending on the setting of the \fBnotify_classes\fR parameter,
+the postmaster is notified of bounces and of other trouble.
+.SH BUGS
+.ad
+.fi
+This delivery agent supports address extensions in email
+addresses and in lookup table keys, but does not propagate
+address extension information to the result of table lookup.
+
+Postfix should have lookup tables that can return multiple result
+attributes. In order to avoid the inconvenience of maintaining
+three tables, use an LDAP or MYSQL database.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+Changes to \fBmain.cf\fR are picked up automatically, as
+\fBvirtual\fR(8)
+processes run for only a limited amount of time. Use the command
+"\fBpostfix reload\fR" to speed up a change.
+
+The text below provides only a parameter summary. See
+\fBpostconf\fR(5) for more details including examples.
+.SH "MAILBOX DELIVERY CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBvirtual_mailbox_base (empty)\fR"
+A prefix that the \fBvirtual\fR(8) delivery agent prepends to all pathname
+results from $virtual_mailbox_maps table lookups.
+.IP "\fBvirtual_mailbox_maps (empty)\fR"
+Optional lookup tables with all valid addresses in the domains that
+match $virtual_mailbox_domains.
+.IP "\fBvirtual_minimum_uid (100)\fR"
+The minimum user ID value that the \fBvirtual\fR(8) delivery agent accepts
+as a result from $virtual_uid_maps table lookup.
+.IP "\fBvirtual_uid_maps (empty)\fR"
+Lookup tables with the per\-recipient user ID that the \fBvirtual\fR(8)
+delivery agent uses while writing to the recipient's mailbox.
+.IP "\fBvirtual_gid_maps (empty)\fR"
+Lookup tables with the per\-recipient group ID for \fBvirtual\fR(8) mailbox
+delivery.
+.PP
+Available in Postfix version 2.0 and later:
+.IP "\fBvirtual_mailbox_domains ($virtual_mailbox_maps)\fR"
+Postfix is the final destination for the specified list of domains;
+mail is delivered via the $virtual_transport mail delivery transport.
+.IP "\fBvirtual_transport (virtual)\fR"
+The default mail delivery transport and next\-hop destination for
+final delivery to domains listed with $virtual_mailbox_domains.
+.PP
+Available in Postfix version 2.5.3 and later:
+.IP "\fBstrict_mailbox_ownership (yes)\fR"
+Defer delivery when a mailbox file is not owned by its recipient.
+.SH "LOCKING CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBvirtual_mailbox_lock (see 'postconf -d' output)\fR"
+How to lock a UNIX\-style \fBvirtual\fR(8) mailbox before attempting
+delivery.
+.IP "\fBdeliver_lock_attempts (20)\fR"
+The maximal number of attempts to acquire an exclusive lock on a
+mailbox file or \fBbounce\fR(8) logfile.
+.IP "\fBdeliver_lock_delay (1s)\fR"
+The time between attempts to acquire an exclusive lock on a mailbox
+file or \fBbounce\fR(8) logfile.
+.IP "\fBstale_lock_time (500s)\fR"
+The time after which a stale exclusive mailbox lockfile is removed.
+.SH "RESOURCE AND RATE CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBvirtual_mailbox_limit (51200000)\fR"
+The maximal size in bytes of an individual \fBvirtual\fR(8) mailbox or
+maildir file, or zero (no limit).
+.PP
+Implemented in the qmgr(8) daemon:
+.IP "\fBvirtual_destination_concurrency_limit ($default_destination_concurrency_limit)\fR"
+The maximal number of parallel deliveries to the same destination
+via the virtual message delivery transport.
+.IP "\fBvirtual_destination_recipient_limit ($default_destination_recipient_limit)\fR"
+The maximal number of recipients per message for the virtual
+message delivery transport.
+.SH "MISCELLANEOUS CONTROLS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBdaemon_timeout (18000s)\fR"
+How much time a Postfix daemon process may take to handle a
+request before it is terminated by a built\-in watchdog timer.
+.IP "\fBdelay_logging_resolution_limit (2)\fR"
+The maximal number of digits after the decimal point when logging
+sub\-second delay values.
+.IP "\fBipc_timeout (3600s)\fR"
+The time limit for sending or receiving information over an internal
+communication channel.
+.IP "\fBmax_idle (100s)\fR"
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
+.IP "\fBmax_use (100)\fR"
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
+.IP "\fBprocess_id (read\-only)\fR"
+The process ID of a Postfix command or daemon process.
+.IP "\fBprocess_name (read\-only)\fR"
+The process name of a Postfix command or daemon process.
+.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
+The location of the Postfix top\-level queue directory.
+.IP "\fBsyslog_facility (mail)\fR"
+The syslog facility of Postfix logging.
+.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix version 3.0 and later:
+.IP "\fBvirtual_delivery_status_filter ($default_delivery_status_filter)\fR"
+Optional filter for the \fBvirtual\fR(8) delivery agent to change the
+delivery status code or explanatory text of successful or unsuccessful
+deliveries.
+.PP
+Available in Postfix version 3.3 and later:
+.IP "\fBenable_original_recipient (yes)\fR"
+Enable support for the original recipient address after an
+address is rewritten to a different address (for example with
+aliasing or with canonical mapping).
+.IP "\fBservice_name (read\-only)\fR"
+The master.cf service name of a Postfix daemon process.
+.PP
+Available in Postfix 3.5 and later:
+.IP "\fBinfo_log_address_format (external)\fR"
+The email address form that will be used in non\-debug logging
+(info, warning, etc.).
+.SH "SEE ALSO"
+.na
+.nf
+qmgr(8), queue manager
+bounce(8), delivery status reports
+postconf(5), configuration parameters
+postlogd(8), Postfix logging
+syslogd(8), system logging
+.SH "README_FILES"
+.na
+.nf
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+VIRTUAL_README, domain hosting howto
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+.ad
+.fi
+This delivery agent was originally based on the Postfix local delivery
+agent. Modifications mainly consisted of removing code that either
+was not applicable or that was not safe in this context: aliases,
+~user/.forward files, delivery to "|command" or to /file/name.
+
+The \fBDelivered\-To:\fR message header appears in the \fBqmail\fR
+system by Daniel Bernstein.
+
+The \fBmaildir\fR structure appears in the \fBqmail\fR system
+by Daniel Bernstein.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
+
+Andrew McNamara
+andrewm@connect.com.au
+connect.com.au Pty. Ltd.
+Level 3, 213 Miller St
+North Sydney 2060, NSW, Australia